Oracle Releases January 2025 Patch Fixing 318 Vulnerabilities
2025-01-22
Learn about the crucial importance of patch management and how staying updated can prevent severe security risks in enterprise environments.
Oracle has issued its January 2025 Critical Patch Update addressing 318 security vulnerabilities across its product suite, including Oracle Agile Product Lifecycle Management (PLM) Framework, Oracle WebLogic Server, and JD Edwards EnterpriseOne Tools. The most critical flaw, with a CVSS score of 9.9, affects the Oracle Agile PLM Framework and could allow attackers to gain control via HTTP. Other significant vulnerabilities include those in JD Edwards EnterpriseOne Tools, Apache Xerces C++ XML parser, Apache ActiveMQ, and Oracle WebLogic Server. Oracle has also released 285 security patches for Oracle Linux. Users are encouraged to apply these updates promptly to mitigate security risks.
Patch Management, Privilege Escalation, Web App/Website Vulnerability
Oracle, Critical Patch Update, Vulnerabilities, Oracle Agile PLM, JD Edwards, WebLogic Server, Cyber Risk, Security Patches
CVE-2025-21556; CVE-2024-21287; CVE-2025-21524; CVE-2023-3961; CVE-2024-23807; CVE-2023-46604; CVE-2024-45492; CVE-2024-56337; CVE-2025-21535; CVE-2016-1000027; CVE-2023-29824; CVE-2020-2883; CVE-2024-37371
Oracle Agile Product Lifecycle Management Framework, JD Edwards EnterpriseOne Tools, Apache Xerces C++ XML parser, Apache ActiveMQ, Oracle Communications Diameter Signaling Router, Oracle Communications Network Analytics Data Director, Financial Services Behavior Detection Platform, Financial Services Trade-Based Anti Money Laundering Enterprise Edition, HTTP Server, Apache Tomcat server, Oracle Communications Policy Management, Oracle WebLogic Server, Oracle BI Publisher, Oracle Business Intelligence Enterprise Edition, Oracle Linux
Oracle has rolled out its January 2025 Critical Patch Update, addressing a significant number of security vulnerabilities—318 to be exact—across its diverse range of products. This update is critical for businesses relying on Oracle's software solutions, as it includes patches for several high-risk vulnerabilities. One of the most severe vulnerabilities, with a CVSS score of 9.9, is found in the Oracle Agile Product Lifecycle Management (PLM) Framework. This flaw could allow attackers to take control of affected systems through HTTP network access, posing a significant threat if left unpatched. Notably, this vulnerability affects Oracle Agile PLM Framework version 9.3.6, and there have been reports of active exploitation attempts against a similar flaw in this product. Other critical vulnerabilities addressed in this update include: Oracle has also addressed a critical Kerberos 5 vulnerability (CVE-2024-37371) affecting its Communications Billing and Revenue Management, which could lead to invalid memory reads. Furthermore, Oracle Linux users should be aware of the 285 new security patches available in this update, emphasizing the need for timely patch management. Oracle strongly advises customers to apply these updates to safeguard their systems against potential exploits. Failing to update could leave systems exposed to attacks that could compromise sensitive data and business operations.Oracle's January 2025 Critical Patch Update: Key Highlights
Major Vulnerabilities Addressed
Additional Vulnerabilities and Patches
Recommendations
https://thehackernews.com/2025/01/oracle-releases-january-2025-patch-to.html?m=1