Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

The Hacker News by The Hacker News
January 22, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jan 22, 2025Ravie LakshmananVulnerability / Enterprise Security

Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services.

The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances.

“Easily exploitable vulnerability allows low privileged attackers with network access via HTTP to compromise Oracle Agile PLM Framework,” according to a description of the security hole in the NIST National Vulnerability Database (NVD).

Cybersecurity

It’s worth noting that Oracle warned of active exploitation attempts against another flaw in the same product (CVE-2024-21287, CVSS score: 7.5) in November 2024. Both vulnerabilities affect Oracle Agile PLM Framework version 9.3.6.

“Customers are strongly advised to apply the January 2025 Critical Patch Update for Oracle Agile PLM Framework as it includes patches for [CVE-2024-21287] as well as additional patches,” Eric Maurice, vice president of Security Assurance at Oracle, said.

Some of the other critical severity flaws, all rated 9.8 on the CVSS score, addressed by Oracle are as follows –

  • CVE-2025-21524 – A vulnerability in the Monitoring and Diagnostics SEC component of JD Edwards EnterpriseOne Tools
  • CVE-2023-3961 – A vulnerability in the E1 Dev Platform Tech (Samba) component of JD Edwards EnterpriseOne Tools
  • CVE-2024-23807 – A vulnerability in the Apache Xerces C++ XML parser component of Oracle Agile Engineering Data Management
  • CVE-2023-46604 – A vulnerability in the Apache ActiveMQ component of the Oracle Communications Diameter Signaling Router
  • CVE-2024-45492 – A vulnerability in the XML parser (libexpat) component of Oracle Communications Network Analytics Data Director, Financial Services Behavior Detection Platform, Financial Services Trade-Based Anti Money Laundering Enterprise Edition, and HTTP Server
  • CVE-2024-56337 – A vulnerability in the Apache Tomcat server component of Oracle Communications Policy Management
  • CVE-2025-21535 – A vulnerability in the Core component of Oracle WebLogic Server
  • CVE-2016-1000027 – A vulnerability in the Spring Framework component of Oracle BI Publisher
  • CVE-2023-29824 – A vulnerability in the Analytics Server (SciPy) component of Oracle Business Intelligence Enterprise Edition
Cybersecurity

CVE-2025-21535 is also similar to CVE-2020-2883 (CVSS score: 9.8), another critical security vulnerability in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3.

Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2020-2883 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active in-the-wild exploitation.

Also addressed by Oracle is CVE-2024-37371 (CVSS score: 9.1), a critical Kerberos 5 flaw affecting its Communications Billing and Revenue Management that could permit an attacker to “cause invalid memory reads by sending message tokens with invalid length fields.”

Users are advised to apply the necessary patches to keep their systems up-to-date and avoid potential security risks.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Elon Musk distances himself from Trump’s Stargate AI mission | Computer Weekly

Elon Musk distances himself from Trump’s Stargate AI mission | Computer Weekly

Recommended.

TE Connectivity named to Dow Jones Sustainability Index for 13th year

TE Connectivity named to Dow Jones Sustainability Index for 13th year

January 5, 2025
CData Looks To Bridge The Data Infrastructure Gap With Latest Offering

CData Looks To Bridge The Data Infrastructure Gap With Latest Offering

March 11, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
OpenTable Launches All-in-One Marketplace for Private and Group Dining

OpenTable Launches All-in-One Marketplace for Private and Group Dining

September 16, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio