Oracle has released its Critical Patch Update Pre-Release Announcement for January 2025, providing advance notice of the crucial security updates scheduled for release on Tuesday, January 21st, 2025. This update is expected to address a significant number of vulnerabilities across Oracle’s diverse product portfolio.
Key Highlights from the Update
- Oracle Database Server
The update introduces five new security patches for the Oracle Database Server, with two vulnerabilities exploitable remotely without authentication. The highest CVSS v3.1 base score is 7.5, underscoring the potential risk to affected systems. Supported versions include Oracle Database Server 19.x, 21.x, and 23.x.
- Oracle Communications Applications
With 86 new security patches, 59 of which are remotely exploitable, this category has one of the highest numbers of vulnerabilities addressed. The maximum CVSS score is 9.8, reflecting critical risks. Impacted products include Oracle Communications Cloud Native Core, Unified Data Repository, and Session Border Controller.
- Oracle MySQL
The update covers 39 new security patches for Oracle MySQL products, four of which are remotely exploitable. The highest CVSS score is 9.1, affecting MySQL Server versions 8.0.40 and prior.
- Oracle Financial Services Applications
Addressing 32 vulnerabilities, 24 of them remotely exploitable, this category also reports a maximum CVSS score of 9.8, indicating severe threats to products like Oracle Banking and Compliance Studio.
- Oracle Fusion Middleware
A total of 21 patches were issued for Fusion Middleware, with 17 exploitable remotely. Products such as Oracle WebLogic Server and Identity Manager are impacted, with a CVSS score of up to 9.8.
Among the most severe vulnerabilities are those affecting Oracle Communications Applications and Fusion Middleware, each reaching a CVSS score of 9.8. These vulnerabilities could allow attackers to exploit systems over a network without requiring authentication.
“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update patches as soon as possible,” the pre-release announcement states.