The update, released on July 15, 2025, addresses critical vulnerabilities that could allow unauthorized access to enterprise systems, with several carrying the maximum CVSS 9.8 severity rating1.
The most concerning vulnerabilities in this release include CVE-2025-31651 affecting Apache Tomcat components across multiple Oracle products, and CVE-2024-52046 impacting Apache Mina in Oracle Middleware Common Libraries.
Both vulnerabilities carry a CVSS score of 9.8 and are remotely exploitable without authentication, meaning attackers can exploit them over a network without requiring user credentials.
CVE-2025-31651 specifically affects Oracle Managed File Transfer, Oracle Retail Xstore Office, Oracle Agile Engineering Data Management, and Oracle Agile PLM systems.
The vulnerability allows attackers to achieve complete system compromise with high impact on confidentiality, integrity, and availability1. System administrators should prioritize patching these systems immediately.
Another widespread threat is CVE-2025-48734, affecting Apache Commons BeanUtils across numerous Oracle products with a CVSS score of 8.8.
This vulnerability requires low privileges but can be exploited over the network, affecting dozens of Oracle applications, including Oracle Data Integrator, Oracle Identity Manager, and Oracle WebLogic Server.
Oracle Database Server receives 15 new security patches, with CVE-2025-30751 being the most critical at CVSS 8.8.
This vulnerability affects the core Oracle Database component and requires “Create Session” and “Create Procedure” privileges, potentially allowing attackers to compromise database integrity and access sensitive information.
The Java ecosystem faces significant threats with 11 new patches for Oracle Java SE. CVE-2025-50059 in the Networking component carries a CVSS score of 8.6 and affects multiple Java versions, including 8u451-perf, 11.0.27, 17.0.15, 21.0.7, and 24.0.1.
Another critical Java vulnerability, CVE-2025-30749 in the 2D component, scores 8.1 on the CVSS scale and impacts the same version range.
Oracle MySQL products receive the largest number of patches, with 40 security updates, indicating the significant security attention required for database management systems.
Notable vulnerabilities include CVE-2024-9287 affecting MySQL Workbench with a CVSS score of 7.8, and CVE-2025-32415 in MySQL Workbench’s libxml2 component scoring 7.51.
Oracle strongly recommends immediate deployment of these patches, emphasizing that attackers have previously succeeded in exploiting unpatched Oracle vulnerabilities.
The company notes that customers on actively supported versions should apply Critical Patch Updates without delay to maintain security posture1.
Organizations should prioritize patching systems with remotely exploitable vulnerabilities, particularly those with CVSS scores above 8.0, and implement proper testing procedures before production deployment to ensure business continuity while maintaining security.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant updates
The post Oracle Issues Critical Security Update Patching 309 Vulnerabilities Across Products appeared first on Cyber Security News.
The Mandalorian & Grogu is coming to theaters on May 22, but before then you…
If you frequently bring several electronics along with you on your travels but you don't…
Disney+ is offering subscribers a free Marvel Rivals skin through its Disney+ Perks program. The…
There has been a ton of buzz around Dishonored's future, following a rather innocuous post…
Capcom wants players to know that old age won't keep Leon Kennedy out of games…
Managed Security Service Providers (MSSPs) sit at the sharpest edge of today’s cyber risk curve.…
This website uses cookies.