Oracle released its July 2025 Critical Patch Update on July 15, addressing 309 security vulnerabilities across its extensive product portfolio. This quarterly security update represents one of the most comprehensive patches in recent history, targeting critical flaws in database systems, middleware, cloud applications, and enterprise software that could potentially expose organizations to severe cyberattacks. Among the most concerning discoveries are 145 remotely exploitable vulnerabilities that require no authentication, meaning attackers could potentially compromise systems without valid credentials.

Oracle’s enterprise middleware stack faces significant security challenges, with WebLogic Server receiving 8 vulnerability patches, including the severe CVE-2025-30762 affecting the T3 and IIOP protocols. Fusion Middleware components contain multiple Apache Commons BeanUtils vulnerabilities (CVE-2025-48734) scoring 8.8, which could lead to remote code execution in enterprise applications. Oracle Database and APEX face severe vulnerabilities CVE-2025-30751 (CVSS 8.8) and CVE-2025-50067 (CVSS 9.0), enabling system compromise.

The company notes that some vulnerabilities are already being exploited in the wild, with successful attacks reported against organizations that failed to apply previous security updates. Apply patches immediately: some vulnerabilities are already being exploited, and 131 high-severity flaws need priority attention. Organizations should establish systematic patch management processes to address these recurring security challenges, as Oracle continues to discover and remediate vulnerabilities across its vast product ecosystem.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Jul 2025 12:25:21 +0000