CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

Oracle Patches 200 Vulnerabilities With July 2025 CPU

Oracle’s July 2025 Critical Patch Update contains 309 security patches that address approximately 200 unique CVEs. The post Oracle Patches 200 Vulnerabilities With July 2025 CPU appeared first on SecurityWeek.

Oracle patches

Oracle has released 309 new security patches as part of its July 2025 Critical Patch Update (CPU), including 127 fixes for vulnerabilities that are remotely exploitable without authentication.

SecurityWeek has identified roughly 200 unique CVEs in Oracle’s July 2025 CPU and counted nine patches that address critical-severity flaws.

The same as in April, Oracle Communications received the largest number of security fixes. This month, Oracle released 84 patches for it, including 50 that resolve defects exploitable remotely without authentication. While none of these issues has a critical severity rating, 51 are high severity.

Oracle has been busy addressing a hefty number of bugs in MySQL (40 security patches, including 3 for remotely exploitable, unauthenticated flaws), Fusion Middleware (36 – 22), and Communications Applications (29 – 1) too.

Financial Services Applications received 18 security patches (13 for remotely exploitable, unauthenticated vulnerabilities), Java SE received 11 (10), Retail Applications 11 (8), E-Business Suite 9 (3) and Supply Chain 8 (all exploitable remotely, without authentication).

Oracle released a smaller number of patches for PeopleSoft (7 – 3 for bugs exploitable by remote, unauthenticated attackers), Virtualization (7 – 0), Siebel CRM (6 – 5), Utilities Applications (6 – 5), Database Server (6 – 0), GoldenGate (5 – 2), Analytics (5 – 2), Hyperion (4 – 1), HealthCare Applications (3 – 2), Insurance Applications (3 – 2), Construction and Engineering (2 – 0), and JD Edwards (2 – 0).

Application Express, Blockchain Platform, NoSQL Database, REST Data Services, Commerce, Enterprise Manager, and Hospitality Applications received one patch each.

Oracle’s advisory notes that, while multiple products did not receive security patches, they did receive fixes for non-exploitable third-party CVEs. For other products, the security updates address additional flaws and non-exploitable CVEs.

Customers should apply the patches as soon as possible, as threat actors are known to have exploited Oracle vulnerabilities for which fixes have been released but not applied.

On Tuesday, Oracle announced the release of 20 new security patches as part of its July 2025 Solaris Third Party Bulletin, including 12 for flaws that are remotely exploitable without authentication.

Related: Oracle Patches 180 Vulnerabilities With April 2025 CPU

Related: CISA Issues Guidance After Oracle Cloud Hack

Related: CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability

Related: Oracle Patches 200 Vulnerabilities With January 2025 CPU

Latest News

CYBERNEWSMEDIAPublisher