Oracle on Tuesday released 374 new security patches as part of its October 2025 Critical Patch Update (CPU), including over 230 fixes for vulnerabilities that are remotely exploitable without authentication.
There appear to be roughly 260 unique CVEs in Oracle’s October 2025 CPU advisory, including a dozen critical-severity flaws.
The October CPU was rolled out roughly a week after Oracle released patches for an E-Business Suite defect allowing access to sensitive data, and two weeks after the company warned of a zero-day in the product that was exploited by an extortion group.
This month, Oracle Communications received the largest number of security patches, at 73, including 47 for vulnerabilities that can be exploited by remote, unauthenticated attackers.
Oracle rolled out 64 new security patches for Communications Applications, including 46 for remotely exploitable flaws, and 33 new security patches for Financial Services Applications, 29 of which address remotely exploitable, unauthenticated bugs.
The company also announced a large number of new security patches for Fusion Middleware (20 new – 17 for issues that are remotely exploitable without authentication), Retail Applications (18 – 14), MySQL (18 – 7), PeopleSoft (18 – 7), and Systems (16 – 3).
Several products received over half a dozen new security patches each, including E-Business Suite (9 new – 6 remotely exploitable), Commerce (9 – 2), Virtualization (9 – 0), Siebel CRM (8 – 8), JD Edwards (8 – 6), Analytics (8 – 5), Insurance Applications (8 – 5), Construction and Engineering (7 – 7), and Hyperion (7 – 4).
Other Oracle products that received patches this month include Database Server (6 – 2), GoldenGate (6 – 2), Java SE (5 – 5), Hospitality Applications (5 – 3), Essbase (4 – 2), HealthCare Applications (3 – 3), Utilities Applications (3 – 2), Enterprise Manager (3 – 2), Health Sciences Applications (3 – 1), Supply Chain (1 – 1), Graph Server and Client (1 – 0), and REST Data Services (1 – 0).
Additional flaws and non-exploitable bugs were resolved in many of these products. For several other products, Oracle did not release new security patches, but patched non-exploitable third-party CVEs in them.
On Tuesday, Oracle also announced five new security patches for the Solaris Operating System, including three for vulnerabilities that are remotely exploitable without authentication.
*the number of unique CVEs has been updated

