Summary: Oracle’s Critical Patch Update Pre-Release Announcement for January 2025 highlights upcoming security updates set for January 21st, 2025, addressing numerous vulnerabilities across its product range. Key areas of concern include Oracle Database Server, Communications Applications, MySQL, Financial Services Applications, and Fusion Middleware, with several vulnerabilities being remotely exploitable. The announcement emphasizes the urgency for customers to apply these patches promptly due to the potential risks involved.

Threat Actor: Unknown | unknown
Victim: Oracle | Oracle

Keypoints :

• Five new security patches for Oracle Database Server, with two vulnerabilities remotely exploitable.
• Oracle Communications Applications have 86 new patches, 59 of which are remotely exploitable, with a CVSS score of up to 9.8.
• Oracle MySQL includes 39 new patches, four remotely exploitable, and a maximum CVSS score of 9.1.
• Oracle Financial Services Applications address 32 vulnerabilities, 24 remotely exploitable, with a CVSS score of 9.8.
• Fusion Middleware has 21 patches, 17 remotely exploitable, impacting products like WebLogic Server.
• Oracle urges immediate application of patches due to the severe threat posed by these vulnerabilities.