Oracle on Tuesday launched 374 new safety patches as a part of its October 2025 Vital Patch Replace (CPU), together with over 230 fixes for vulnerabilities which can be remotely exploitable with out authentication.
SecurityWeek has recognized roughly 180 distinctive CVEs in Oracle’s October 2025 CPU advisory and counted a dozen critical-severity flaws.
The October CPU was rolled out roughly per week after Oracle launched patches for an E-Enterprise Suite defect permitting entry to delicate knowledge, and two weeks after the corporate warned of a zero-day within the product that was exploited by an extortion group.
This month, Oracle Communications acquired the biggest variety of safety patches, at 73, together with 47 for vulnerabilities that may be exploited by distant, unauthenticated attackers.
Oracle rolled out 64 new safety patches for Communications Functions, together with 46 for remotely exploitable flaws, and 33 new safety patches for Monetary Companies Functions, 29 of which deal with remotely exploitable, unauthenticated bugs.
The corporate additionally introduced a lot of new safety patches for Fusion Middleware (20 new – 17 for points which can be remotely exploitable with out authentication), Retail Functions (18 – 14), MySQL (18 – 7), PeopleSoft (18 – 7), and Techniques (16 – 3).
A number of merchandise acquired over half a dozen new safety patches every, together with E-Enterprise Suite (9 new – 6 remotely exploitable), Commerce (9 – 2), Virtualization (9 – 0), Siebel CRM (8 – 8), JD Edwards (8 – 6), Analytics (8 – 5), Insurance coverage Functions (8 – 5), Development and Engineering (7 – 7), and Hyperion (7 – 4).
Different Oracle merchandise that acquired patches this month embrace Database Server (6 – 2), GoldenGate (6 -2), Java SE (5 – 5), Hospitality Functions (5 – 3), Essbase (4 – 2), HealthCare Functions (3 – 3), Utilities Functions (3 – 2), Enterprise Supervisor (3 – 2), Well being Sciences Functions (3 – 1), Provide Chain (1 – 1), Graph Server and Shopper (1 – 0), and REST Knowledge Companies (1 – 0).Commercial. Scroll to proceed studying.
Extra flaws and non-exploitable bugs had been resolved in lots of of those merchandise. For a number of different merchandise, Oracle didn’t launch new safety patches, however patched non-exploitable third-party CVEs in them.
On Tuesday, Oracle additionally introduced 5 new safety patches for the Solaris Working System, together with three for vulnerabilities which can be remotely exploitable with out authentication.
Associated: CISA Confirms Exploitation of Newest Oracle EBS Vulnerability
Associated: Oracle Patches 200 Vulnerabilities With July 2025 CPU
Associated: ConnectWise Patches Vital Flaw in Automate RMM Device
Associated: Adobe Patches Vital Vulnerability in Join Collaboration Suite
