Oracle has released its quarterly Critical Patch Update (CPU) for July 2025, delivering 309 security patches across its extensive product portfolio.
The update, released on July 15, 2025, addresses critical vulnerabilities that could allow unauthorized access to enterprise systems, with several carrying the maximum CVSS 9.8 severity rating.
Remote Code Execution Vulnerabilities
The most concerning vulnerabilities in this release include CVE-2025-31651 affecting Apache Tomcat components across multiple Oracle products, and CVE-2024-52046 impacting Apache Mina in Oracle Middleware Common Libraries.
Both vulnerabilities carry a CVSS score of 9.8 and are remotely exploitable without authentication, meaning attackers can exploit them over a network without requiring user credentials.
CVE-2025-31651 specifically affects Oracle Managed File Transfer, Oracle Retail Xstore Office, Oracle Agile Engineering Data Management, and Oracle Agile PLM systems.
The vulnerability allows attackers to achieve complete system compromise with high impact on confidentiality, integrity, and availability. System administrators should prioritize patching these systems immediately.
Another widespread threat is CVE-2025-48734, affecting Apache Commons BeanUtils across numerous Oracle products with a CVSS score of 8.8.
This vulnerability requires low privileges but can be exploited over the network, affecting dozens of Oracle applications, including Oracle Data Integrator, Oracle Identity Manager, and Oracle WebLogic Server.
Java Runtime Environments Under Siege
Oracle Database Server receives 15 new security patches, with CVE-2025-30751 being the most critical at CVSS 8.8.
This vulnerability affects the core Oracle Database component and requires “Create Session” and “Create Procedure” privileges, potentially allowing attackers to compromise database integrity and access sensitive information.
The Java ecosystem faces significant threats with 11 new patches for Oracle Java SE. CVE-2025-50059 in the Networking component carries a CVSS score of 8.6 and affects multiple Java versions, including 8u451-perf, 11.0.27, 17.0.15, 21.0.7, and 24.0.1.
Another critical Java vulnerability, CVE-2025-30749 in the 2D component, scores 8.1 on the CVSS scale and impacts the same version range.
Enterprise Applications Face Substantial Security Overhaul
Oracle MySQL products receive the largest number of patches, with 40 security updates, indicating the significant security attention required for database management systems.
Notable vulnerabilities include CVE-2024-9287 affecting MySQL Workbench with a CVSS score of 7.8, and CVE-2025-32415 in MySQL Workbench’s libxml2 component scoring 7.5.
Oracle strongly recommends immediate deployment of these patches, emphasizing that attackers have previously succeeded in exploiting unpatched Oracle vulnerabilities.
The company notes that customers on actively supported versions should apply Critical Patch Updates without delay to maintain security posture.
Organizations should prioritize patching systems with remotely exploitable vulnerabilities, particularly those with CVSS scores above 8.0, and implement proper testing procedures before production deployment to ensure business continuity while maintaining security.