Oracle Urges Customers to Apply January 2025 Critical Patch Update
January 22, 2025
Oracle Security Alert
Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU), which contains fixes for 318 new security vulnerabilities across its products and services.
Severe Vulnerability in Oracle Agile Product Lifecycle Management (PLM) Framework
The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances.
Easily Exploitable Vulnerability
"Easily exploitable vulnerability allows low privileged attackers with network access via HTTP to compromise Oracle Agile PLM Framework," according to the vulnerability's description in the National Vulnerability Database (NVD).
Other Critical Vulnerabilities
Also patched is CVE-2025-21535 (CVSS score: 9.8), a critical flaw in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3. It is similar to CVE-2020-2883 (CVSS score: 9.8), an earlier critical WebLogic Server vulnerability with the same unauthenticated IIOP/T3 attack vector.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) Alert
Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2020-2883 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active in-the-wild exploitation.
Additional Vulnerability Addressed by Oracle
Oracle is also addressing CVE-2024-37371 (CVSS score: 9.1), a critical flaw in MIT Kerberos 5 (krb5) that affects its Communications Billing and Revenue Management product and could permit an attacker to "cause invalid memory reads by sending message tokens with invalid length fields." Because krb5 is a third-party component bundled with the product, the fix is delivered through Oracle's patch rather than through an upstream krb5 update alone.
Action Required
Users are advised to apply the patches in this CPU promptly. Given the 9.8-rated WebLogic Server flaw and the confirmed in-the-wild exploitation of the closely related CVE-2020-2883, internet-facing WebLogic instances that expose IIOP or T3 should be patched first, followed by Agile PLM Framework deployments reachable over HTTP by low-privileged users.
Related Resources
- Oracle Security Alerts: https://www.oracle.com/security-alerts/
- CVE-2025-21556: https://nvd.nist.gov/vuln/detail/cve-2025-21556
- CVE-2025-21535: https://nvd.nist.gov/vuln/detail/cve-2025-21535
- CVE-2024-37371: https://nvd.nist.gov/vuln/detail/cve-2024-37371