CyberSecurityBoard
Sponsor Register Login

Oracle Security Update - Patch for 378 Vulnerabilities Including Remote Exploits

“Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” the company stated in its advisory. Oracle Database Server versions 19.3-19.26, 21.3-21.17, and 23.4-23.7 received patches for multiple security issues, highlighting the importance of updating database systems. Oracle released its April 2025 Critical Patch Update (CPU), addressing 378 new security vulnerabilities across its extensive product portfolio. For organizations unable to immediately apply patches, Oracle suggests potentially reducing risk by “blocking network protocols required by an attack” or “removing privileges or the ability to access the packages from users that do not need the privileges”. The patches cover flaws reported by numerous security researchers and organizations, including Google, Amazon AWS Security, Alibaba, Tsinghua University, and various independent security experts. The quarterly security update, announced on Wednesday, contains patches for numerous high-risk flaws, many of which could potentially allow remote exploitation without authentication. Java SE one of Oracle’s most widely distributed technologies, received patches for versions 8u441, 11.0.26, 17.0.14, 21.0.6, and 24, addressing vulnerabilities potentially impacting millions of systems worldwide. The April 2025 CPU impacts many Oracle products and services, including Oracle Database Server, Java SE, MySQL, Fusion Middleware, E-Business Suite, Communications products, and numerous others. Security professionals recommend that organizations implement a risk-based approach to applying these patches. Oracle emphasized that patches are only provided for product versions under the Premier Support or Extended Support phases of the Lifetime Support Policy. Oracle has explicitly warned about the consequences of delayed patching, noting past incidents where attackers successfully compromised systems because “targeted customers had failed to apply available Oracle patches”.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Apr 2025 09:15:18 +0000


Cyber News related to Oracle Security Update - Patch for 378 Vulnerabilities Including Remote Exploits

15 Best Patch Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive patch management for various operating systems, applications, and third-party software.It is complex for new users and requires time and training to utilize its functionalities fully.Advanced analytics ...
3 months ago Cybersecuritynews.com
Oracle’s First Security Update for 2023 Includes 327 New Patches - Oracle has released its first security update of 2023, delivering 327 new security fixes and patching a range of critical vulnerabilities. This update covers products spanning across Oracle’s Cloud portfolio, Fusion Middleware, Hyperion, E-Business ...
2 years ago Securityweek.com
Oracle Security Update - Patch for 378 Vulnerabilities Including Remote Exploits - “Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” the company stated in its advisory. Oracle Database Server versions 19.3-19.26, 21.3-21.17, ...
2 months ago Cybersecuritynews.com
Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
2 months ago Cybersecuritynews.com
CVE-2016-0635 - Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, ...
6 years ago
An Argument for Coordinated Disclosure of New Exploits - There were more than 23,000 vulnerabilities discovered and disclosed. While not all of them had associated exploits, it has become more and more common for there to be a proverbial race to the bottom to see who can be the first to release an exploit ...
1 year ago Darkreading.com
CVE-2009-3874 - Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary ...
6 years ago
How Patch Management Software Solves the Update Problem - I've never met an IT leader who doesn't know how important patch management is. At Heimdal, we believe patch management software provides the solution to this problem. Patch management software is a technology that allows businesses to automate the ...
11 months ago Heimdalsecurity.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
8 months ago Helpnetsecurity.com
How to conduct security patch validation and verification - Validation and verification are important steps in the security patch management lifecycle. They help to determine the impact of a patch on the security and efficiency of an organization's IT assets. Patch validation is the process of examining newly ...
1 year ago Techtarget.com
Cyber Security News Weekly Round-Up - The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive. According to recent findings from Morphisec ...
1 year ago Cybersecuritynews.com CVE-2023-6317 CVE-2023-6320
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
2 months ago Cybersecuritynews.com
Key software patch testing best practices - To ensure a predictable rollout when a patch is deployed across your network, it is important to test it first in a nonproduction environment. Companies install software and firmware patches to fix bugs, remove vulnerabilities and add new features, ...
1 year ago Techtarget.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
1 year ago Feeds.dzone.com
Enhancing your DevSecOps with Wazuh, the open source XDR platform - As DevSecOps practices continue to evolve, Wazuh offers a flexible, open source platform that integrates security throughout the development and operations lifecycle. Implementing automated security scans for your software environment ensures ...
2 months ago Bleepingcomputer.com
Oracle says "obsolete servers" hacked, denies cloud breach - BleepingComputer has also separately confirmed with multiple Oracle customers that samples of the leaked data (including associated LDAP display names, email addresses, given names, and other identifying information) received from the threat actor ...
2 months ago Bleepingcomputer.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
Microsoft's January 2024 Patch Tuesday Addresses 49 Vulnerabilities, Including Two Critical Vulnerabilities - Microsoft's first Patch Tuesday of 2024 has arrived, and it's a significant one. The tech giant has released fixes for a total of 49 vulnerabilities, including 12 remote code execution vulnerabilities and two critical vulnerabilities. These ...
1 year ago Securityboulevard.com
Key Breakthroughs from RSA Conference 2025 - Day 1 - Sumo Logic unveiled intelligent security operations with capabilities like detection-as-code (bringing DevSecOps to threat detection), UEBA historical baselining (improving accuracy by learning behavior over time), multiple threat intelligence feeds, ...
1 month ago Cybersecuritynews.com Inception
Google Chrome 0-Day Vulnerability Exploited in the Wild - Update Now - The tech giant announced yesterday that Chrome’s Stable channel has been updated to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux to address four security issues, including a high-severity zero-day flaw. Google ...
1 month ago Cybersecuritynews.com CVE-2025-4609
Windows 10 KB5037768 update released with new features and 20 fixes - Microsoft has released the KB5037768 cumulative update for Windows 10 21H2 and Windows 10 22H2 with twenty changes, including account notifications in the Start Menu and Widgets on the lock screen. KB5037768 is a mandatory Windows 10 cumulative ...
1 year ago Bleepingcomputer.com
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
1 year ago Blog.checkpoint.com
Windows 11 KB5035853 update released, here's what's new - Microsoft has released the KB5035853 cumulative update for Windows 11 23H3 and 22H2, with 21 fixes and changes, including fixing a bug causing 0x800F0922 errors when installing updates. This update is mandatory as it contains the Microsoft March 2024 ...
1 year ago Bleepingcomputer.com
What Is Cloud Security Management? Types & Strategies - Cloud security management is the process of safeguarding cloud data and operations from attacks and vulnerabilities through a set of cloud strategies, tools, and practices. The cloud security manager and the IT team are generally responsible for ...
1 year ago Esecurityplanet.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
1 year ago Esecurityplanet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)