Oracle January 2025 Critical Patch Update Addresses 186 CVEs

Oracle January 2025 Critical Patch Update Addresses 186 CVEs
2025-1-22 17:52:40 Author: www.tenable.com(查看原文) 阅读量:2 收藏

January 22, 2025

2 Min Read

Tenable Research blog header Oracle Critical Patch Update

Oracle addresses 186 CVEs in its first quarterly update of 2025 with 318 patches, including 30 critical updates.

Background

On January 21, Oracle released its Critical Patch Update (CPU) for January 2025, the first quarterly update of the year. This CPU contains fixes for 186 CVEs in 318 security updates across 27 Oracle product families. Out of the 318 security updates published this quarter, 9.4% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 56.6%, followed by high severity patches at 32.4%.

Chart

This quarter’s update includes 30 critical patches across 18 CVEs.

Severity	Issues Patched	CVEs
Critical	30	18
High	103	55
Medium	180	109
Low	5	4
Total	318	186

Analysis

This quarter, the Oracle REST Data Services product family contained the highest number of patches at 85, accounting for 26.7% of the total patches, followed by Oracle Health Sciences Applications at 39 patches, which accounted for 12.3% of the total patches.

A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.

Oracle Product Family	Number of Patches	Remote Exploit without Auth
Oracle REST Data Services	85	59
Oracle Health Sciences Applications	39	4
Oracle Communications Applications	31	24
Oracle Graph Server and Client	28	15
Oracle Construction and Engineering	26	21
Oracle Analytics	23	14
Oracle Communications	22	18
Oracle Hospitality Applications	16	6
Oracle Java SE	6	3
Oracle MySQL	6	4
Oracle Database Server	5	2
Oracle Secure Backup	4	1
Oracle TimesTen In-Memory Database	4	1
Oracle Commerce	3	3
Oracle Big Data Spatial and Graph	2	0
Oracle E-Business Suite	2	1
Oracle Financial Services Applications	2	0
Oracle Fusion Middleware	2	1
Oracle Hyperion	2	2
Oracle Insurance Applications	2	1
Oracle PeopleSoft	2	0
Oracle Application Express	1	0
Oracle Blockchain Platform	1	1
Oracle Essbase	1	1
Oracle GoldenGate	1	1
Oracle Enterprise Manager	1	1
Oracle JD Edwards	1	0

Solution

Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the January 2025 advisory for full details.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Scott Caveza

Scott joined Tenable in 2012 as a Research Engineer on the Nessus Plugins team. Over the years, he has written hundreds of plugins for Nessus, and reviewed code for even more from his time being a team lead and manager of the Plugins team. Previously leading the Security Response team and the Zero Day Research team, Scott is currently a member of the Security Response team, helping the research organization respond to the latest threats. He has over a decade of experience in the industry with previous work in the Security Operations Center (SOC) for a major domain registrar and web hosting provider. Scott is a current CISSP and actively maintains his GIAC GWAPT Web Application Penetration Tester certification.

Interests outside of work: Scott enjoys spending time with his family, camping, fishing and being outdoors. He also enjoys finding ways to break web applications and home renovation projects.