Summary: Oracle has released its January 2025 Critical Patch Update (CPU) addressing 318 security vulnerabilities across its products, with the most severe being a critical flaw in the Oracle Agile PLM Framework that could allow attackers to take control of affected systems. The update includes patches for previously reported vulnerabilities and emphasizes the importance of applying these updates to mitigate risks. Customers are strongly urged to implement the patches to protect their systems from potential exploitation.
Threat Actor: Unknown | unknown
Victim: Oracle Customers | oracle customers
Keypoints :
- Oracle’s January 2025 CPU addresses 318 vulnerabilities, including a critical bug (CVE-2025-21556) in the Agile PLM Framework.
- Active exploitation attempts were noted for another flaw (CVE-2024-21287) in the same product, highlighting ongoing security risks.
- Other critical vulnerabilities with CVSS scores of 9.8 also affect various Oracle products, necessitating prompt patch application by users.
Source: https://thehackernews.com/2025/01/oracle-releases-january-2025-patch-to.html