Oracle's July 2025 Critical Patch Update: a security review of essential updates to combat potential threats
Oracle has announced its second quarterly Critical Patch Update (CPU) of the year, addressing a total of 309 security vulnerabilities across various Oracle products. This update aims to mitigate high-risk issues, including critical and high-severity vulnerabilities, to ensure the security of its users' systems.
High-Severity Vulnerabilities Addressed
The update includes several high-severity vulnerabilities affecting different Oracle products. Notable among them are CVE-2024-25638, CVE-2025-48734, CVE-2024-47606, CVE-2024-1135, CVE-2025-23016, CVE-2025-27363, and CVE-2023-27349 in various Oracle Communications products.
CVE-2025-48734, in particular, impacts different Oracle Financial Services Applications products, while CVE-2024-9287 and CVE-2025-32415 affect MySQL Workbench. Additionally, CVE-2025-31651 and CVE-2024-52046 are rated critical, with a CVSS score of 9.8, in different Oracle Fusion Middleware products.
Product-Specific Updates
Oracle Communications receives the highest number of patches in this update, 84. Of the vulnerabilities addressed for Oracle Communications, 50 can be exploited over a network without user credentials. Oracle Communications Applications received 29 security patches, one of which is exploitable over a network without user credentials.
Oracle Financial Services Applications received 18 security patches, with 13 of them being network-exploitable without user credentials. Oracle MySQL received 40 security patches in this Critical Patch Update, with three of them being network-exploitable without user credentials. Oracle Fusion Middleware follows with 36 security patches, with 22 of them being network-exploitable without user credentials.
Oracle Database and Other Product Updates
The update includes 15 security updates for Oracle Database products, with the maximum reported CVSS Base Score of 9.0 for Oracle Application Express. Oracle MySQL and Oracle Fusion Middleware also receive significant updates, with 40 and 36 security patches respectively.
Oracle's second quarterly Critical Patch Update of the year also covers product families including Oracle Database Server, Oracle Application Express, Oracle Blockchain Platform, Oracle GoldenGate, Oracle NoSQL Database, Oracle REST Data Services, and more.
Non-Oracle Common Vulnerabilities and Exposures (CVEs)
Approximately 74% of the security patches are for non-Oracle Common Vulnerabilities and Exposures (CVEs). This indicates that Oracle is addressing a significant number of vulnerabilities that are not exclusive to its products but affect a broader range of software.
Oracle JDK 25 and Security Libraries
Oracle received the most security updates in the latest Oracle Critical Patch Update, affecting primarily the Oracle JDK 25 and its security libraries, including cryptographic object encoding, key derivation functions, and improvements targeting quantum-safe encryption and Java application performance enhancements.
In conclusion, this Oracle Critical Patch Update addresses a significant number of security vulnerabilities across various Oracle products. It is crucial for users to apply these patches promptly to ensure the security of their systems.