Oracle Releases Multiple Critical Patches - 20250122001

Overview

Oracle has published a critical patch advisory that includes 318 patches across 27 products. Oracle has stated that they are aware of actors successfully exploiting known vulnerabilities in their products.

What is vulnerable?

Please review the Oracle Critical Patch Update Advisory - January 2025 for details regarding the vulnerabilities and affected products.

Critical Severity

CVE	CVSS
CVE-2025-21524	9.8
CVE-2023-3961	9.8
CVE-2024-23807	9.8
CVE-2023-46604	9.8
CVE-2024-45492	9.8
CVE-2024-56337	9.8
CVE-2025-21535	9.8
CVE-2016-1000027	9.8
CVE-2023-29824	9.8

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe as shown in Patch Management:

• Oracle: https://www.oracle.com/security-alerts/cpujan2025.html

Additional Refernces

• TheHackerNews: https://thehackernews.com/2025/01/oracle-releases-january-2025-patch-to.html

Change Log

• 2025-01-22: Initial publication
• 2025-01-23: Added critically rated CVEs and reference