Oracle has launched 309 new safety patches as a part of its July 2025 Vital Patch Replace (CPU), together with 127 fixes for vulnerabilities which can be remotely exploitable with out authentication.
SecurityWeek has recognized roughly 200 distinctive CVEs in Oracle’s July 2025 CPU and counted 9 patches that tackle critical-severity flaws.
The identical as in April, Oracle Communications obtained the most important variety of safety fixes. This month, Oracle launched 84 patches for it, together with 50 that resolve defects exploitable remotely with out authentication. Whereas none of those points has a crucial severity ranking, 51 are excessive severity.
Oracle has been busy addressing a hefty variety of bugs in MySQL (40 safety patches, together with 3 for remotely exploitable, unauthenticated flaws), Fusion Middleware (36 – 22), and Communications Purposes (29 – 1) too.
Monetary Providers Purposes obtained 18 safety patches (13 for remotely exploitable, unauthenticated vulnerabilities), Java SE obtained 11 (10), Retail Purposes 11 (8), E-Enterprise Suite 9 (3) and Provide Chain 8 (all exploitable remotely, with out authentication).
Oracle launched a smaller variety of patches for PeopleSoft (7 – 3 for bugs exploitable by distant, unauthenticated attackers), Virtualization (7 – 0), Siebel CRM (6 – 5), Utilities Purposes (6 – 5), Database Server (6 – 0), GoldenGate (5 – 2), Analytics (5 – 2), Hyperion (4 – 1), HealthCare Purposes (3 – 2), Insurance coverage Purposes (3 – 2), Building and Engineering (2 – 0), and JD Edwards (2 – 0).
Software Categorical, Blockchain Platform, NoSQL Database, REST Information Providers, Commerce, Enterprise Supervisor, and Hospitality Purposes obtained one patch every.
Oracle’s advisory notes that, whereas a number of merchandise didn’t obtain safety patches, they did obtain fixes for non-exploitable third-party CVEs. For different merchandise, the safety updates tackle further flaws and non-exploitable CVEs.Commercial. Scroll to proceed studying.
Prospects ought to apply the patches as quickly as doable, as menace actors are recognized to have exploited Oracle vulnerabilities for which fixes have been launched however not utilized.
On Tuesday, Oracle introduced the discharge of 20 new safety patches as a part of its July 2025 Solaris Third Get together Bulletin, together with 12 for flaws which can be remotely exploitable with out authentication.
Associated: Oracle Patches 180 Vulnerabilities With April 2025 CPU
Associated: CISA Points Steerage After Oracle Cloud Hack
Associated: CISA Warns of Assaults Exploiting Oracle Agile PLM Vulnerability
Associated: Oracle Patches 200 Vulnerabilities With January 2025 CPU
