Summary
Oracle has released its January Critical Patch Update, which describes 267 vulnerabilities across multiple products, 18 of which are rated “critical.” Some of these vulnerabilities could be exploited to perform unauthorized operations or compromise service availability on target systems.
Risk
Estimate of impact of the vulnerability on the reference community: High (66.53)
Type
- Denial of Service
- Remote Code Execution
- Security Restrictions Bypass
- Information Disclosure
- Elevation of Privilege
- Data Manipulation
Affected products and/or versions
Oracle
- Analytics
- Application Express
- Big Data Spatial and Graph
- Blockchain Platform
- Commerce
- Communications
- Communications Applications
- Construction and Engineering
- Database Server
- E-Business Suite
- Enterprise Manager
- Essbase
- Financial Services Applications
- Fusion Middleware
- GoldenGate
- Graph Server and Client
- Health Sciences Applications
- Hospitality Applications
- Hyperion
- Insurance Applications
- JD Edwards
- Java SE
- MySQL
- PeopleSoft
- Policy Automation
- REST Data Services
- Retail Applications
- Secure Backup
- Siebel CRM
- Supply Chain
- Systems
- TimesTen In-Memory Database
- Utilities Applications
- Virtualization
Mitigation actions
In line with vendor statements, it is recommended to update products to the latest available version.
For more information on the affected products and remediation procedures, refer to the security bulletin listed in the References section.
Below are only the CVEs related to vulnerabilities with a “critical” severity:
References
https://www.oracle.com/security-alerts/cpujan2025.html
1 This estimate takes into account several parameters, including CVSS, the availability of patches/workarounds and PoCs, and the diffusion of the affected software/devices in the reference community.