Red Hot Cyber
Oracle Critical Patch Update October 2025: 374 vulnerabilities fixed

Redazione RHC: 22 October 2025 09:13

Oracle has released its new quarterly security update, the October 2025 Critical Patch Update, which addresses 374 vulnerabilities identified across numerous Oracle products. This is one of the largest updates in recent years, with fixes spanning databases, middleware, enterprise applications, and communications systems.

As always, Oracle recommends that customers apply the patches without delay, as many of the fixed vulnerabilities can be exploited remotely, and some without authentication. This makes the update particularly urgent for organizations running Oracle infrastructure in critical environments.

An update that affects much of the Oracle ecosystem

The October bulletin covers a long list of products, including:

  • Oracle Database versions 19, 21, and 23
  • Oracle WebLogic Server and Fusion Middleware
  • Oracle Enterprise Manager
  • MySQL Server, Cluster, Workbench, Shell and Enterprise Backup
  • Oracle E-Business Suite
  • Oracle Communications Applications, which alone receive 46 security fixes
  • Oracle GoldenGate, Essbase, Graph Server and Client, REST Data Services, and many other components

In several cases, the fixed vulnerabilities are considered critical, as they allow an attacker to execute code remotely without valid credentials. This type of flaw represents one of the most dangerous threats to network-exposed infrastructure.

Risk and severity assessment

Vulnerabilities were assessed according to CVSS version 3.1, which takes into account the impact on the confidentiality, integrity, and availability of the affected system. In some cases, the score reaches the highest levels of the scale, indicating that a service can be completely compromised if the patch is not applied.

Oracle emphasizes that some vulnerabilities also affect “client-only” installations, such as client modules that connect to vulnerable servers. This means that even workstations that do not host a database or core service could be exposed.

Critical vulnerabilities have been disclosed in the Oracle Marketing product of Oracle E-Business Suite: CVE-2025-62481, CVE-2025-10916, CVE-2025-53072 and CVE-2025-53037, all with a CVSS score of 9.8.

Oracle’s recommendations

The company encourages all customers to install the patches immediately on all still-supported versions, including those in Extended Support. Those running versions no longer covered by security updates are encouraged to plan a migration to supported releases as soon as possible.

While the patches are being rolled out, Oracle suggests some temporary mitigation measures, such as restricting access to the affected network ports, reducing user privileges, and disabling non-essential modules. However, the company emphasizes that these countermeasures are not a substitute for updating and can only partially reduce the risk.

The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
