The update, released on July 15, 2025, addresses critical vulnerabilities that could allow unauthorized access to enterprise systems, with several carrying the maximum CVSS 9.8 severity rating.
The most concerning vulnerabilities in this release include CVE-2025-31651 affecting Apache Tomcat components across multiple Oracle products, and CVE-2024-52046 impacting Apache Mina in Oracle Middleware Common Libraries.
Both vulnerabilities carry a CVSS score of 9.8 and are remotely exploitable without authentication, meaning attackers can exploit them over a network without requiring user credentials.
CVE-2025-31651 specifically affects Oracle Managed File Transfer, Oracle Retail Xstore Office, Oracle Agile Engineering Data Management, and Oracle Agile PLM systems.
The vulnerability allows attackers to achieve complete system compromise with high impact on confidentiality, integrity, and availability. System administrators should prioritize patching these systems immediately.
Another widespread threat is CVE-2025-48734, affecting Apache Commons BeanUtils across numerous Oracle products with a CVSS score of 8.8.
This vulnerability requires low privileges but can be exploited over the network, affecting dozens of Oracle applications, including Oracle Data Integrator, Oracle Identity Manager, and Oracle WebLogic Server.
Oracle Database Server receives 15 new security patches, with CVE-2025-30751 being the most critical at CVSS 8.8.
This vulnerability affects the core Oracle Database component and requires “Create Session” and “Create Procedure” privileges, potentially allowing attackers to compromise database integrity and access sensitive information.
The Java ecosystem faces significant threats with 11 new patches for Oracle Java SE. CVE-2025-50059 in the Networking component carries a CVSS score of 8.6 and affects multiple Java versions, including 8u451-perf, 11.0.27, 17.0.15, 21.0.7, and 24.0.1.
Another critical Java vulnerability, CVE-2025-30749 in the 2D component, scores 8.1 on the CVSS scale and impacts the same version range.
Oracle MySQL products receive the largest number of patches, with 40 security updates, indicating the significant security attention required for database management systems.
Notable vulnerabilities include CVE-2024-9287 affecting MySQL Workbench with a CVSS score of 7.8, and CVE-2025-32415 in MySQL Workbench’s libxml2 component scoring 7.5.
Oracle strongly recommends immediate deployment of these patches, emphasizing that attackers have previously succeeded in exploiting unpatched Oracle vulnerabilities.
The company notes that customers on actively supported versions should apply Critical Patch Updates without delay to maintain security posture.
Organizations should prioritize patching systems with remotely exploitable vulnerabilities, particularly those with CVSS scores above 8.0, and implement proper testing procedures before production deployment to ensure business continuity while maintaining security.
The post Oracle Issues Critical Security Update Patching 309 Vulnerabilities Across Products appeared first on Cyber Security News.