Oracle has released its latest Critical Patch Update (CPU), delivering a broad set of security fixes across 28 product families and addressing hundreds of vulnerabilities, including a significant number that could be exploited remotely without authentication. The update includes fixes for approximately 450 unique CVEs, reflecting the scale and complexity of vulnerabilities affecting Oracle’s ecosystem. Of these, more than 300 patches address flaws that attackers could exploit remotely without requiring login credentials, making them particularly critical for organizations running exposed systems. Around three dozen vulnerabilities have been classified as critical severity.
While roughly 240 CVEs are detailed in Oracle’s official risk matrices, additional vulnerabilities have also been addressed, including issues originating from third-party components that may not be directly exploitable within Oracle environments but still require remediation.
Among the affected products, Oracle Communications received the highest number of patches, with 139 fixes in total. Notably, 93 of these address vulnerabilities that could be exploited remotely without authentication, highlighting the elevated risk profile of communications infrastructure.
Financial Services Applications followed with 75 patches, including 59 targeting remotely exploitable flaws. Fusion Middleware also saw significant updates, with 59 vulnerabilities fixed, 46 of which could be exploited without authentication. Other major platforms received substantial updates as well. MySQL was patched for 34 vulnerabilities, while PeopleSoft addressed 21 issues. E-Business Suite received 18 fixes, and Analytics and Retail Applications each saw 15 vulnerabilities resolved. Siebel CRM was updated with 14 patches, most of which were remotely exploitable.
Additional updates were released across several other Oracle products, including Java SE, GoldenGate, Enterprise Manager, Virtualization, and Database Server, each receiving multiple security fixes. Oracle also issued patches or third-party updates for a wide range of platforms such as Blockchain Platform, REST Data Services, TimesTen In-Memory Database, and various industry-specific applications.
In some instances, the same CVE impacted multiple Oracle products, requiring coordinated patching efforts across environments. For certain products, Oracle opted to deploy third-party updates instead of issuing new patches directly.
The scale of this update underscores the importance of timely patch management, particularly as a large portion of the vulnerabilities can be exploited remotely without authentication. Organizations using Oracle technologies are advised to prioritize patch deployment to mitigate potential exposure and reduce the risk of exploitation.