Security Analysis of July 2025 Oracle Critical Patch Update
In the latest quarterly Critical Patch Update of 2024, Oracle has addressed a significant number of security vulnerabilities across its product families. This update aims to safeguard users from potential threats and reinforces Oracle's commitment to maintaining the security of its products.
The update is particularly noteworthy for Oracle Database products, which received the security updates with the highest CVSS base scores in the 2024 Oracle Critical Patch Update. The update also included 15 updates for Oracle Database products. Additionally, six new security updates were provided for Oracle Database Server, one for Oracle Application Express, one for Oracle Blockchain Platform, five for Oracle GoldenGate, one for Oracle NoSQL Database, and one for Oracle REST Data Services.
Oracle Communications products were not left behind, with the update providing the highest number of patches, 84, to this product family. Among these, 50 vulnerabilities can be exploited over a network without user credentials, posing a potential risk for low-complexity network attacks. Notably, CVE-2025-31651 and CVE-2024-52046 in Oracle Fusion Middleware products have critical severity ratings with a CVSS score of 9.8, making them a significant concern. An attacker without privileges may exploit these vulnerabilities in such low-complexity network attacks.
Oracle Fusion Middleware also received 29 new security patches as part of this update, while Oracle MySQL and Oracle Fusion Middleware followed with 40 and 36 security patches respectively.
Oracle Financial Services Applications received 18 security patches, and 13 vulnerabilities in Oracle Financial Services Applications products can be exploited over a network without user credentials. One vulnerability in Oracle Communications Applications products can also be exploited in this manner, while CVE-2025-48734, which impacts Oracle Financial Services Applications products, has a high severity rating with a CVSS score of 8.8.
Interestingly, about 74% of the patches provided by the July Critical Patch Update are for non-Oracle CVEs, indicating a broader focus on addressing security issues across the industry.
This update covers a wide range of product families, including those mentioned above, as well as many others. With the increasing threat landscape, it is crucial for organisations to apply these updates promptly to ensure the security of their systems.