Oracle Releases Multiple Critical Patches - 20250122001¶
Overview¶
Oracle has published a critical patch advisory that includes 318 patches across 27 products. Oracle has stated that they are aware of actors successfully exploiting known vulnerabilities in their products.
What is vulnerable?¶
Please review the Oracle Critical Patch Update Advisory - January 2025 for details regarding the vulnerabilities and affected products.
Critical Severity¶
CVE | CVSS |
---|---|
CVE-2025-21524 | 9.8 |
CVE-2023-3961 | 9.8 |
CVE-2024-23807 | 9.8 |
CVE-2023-46604 | 9.8 |
CVE-2024-45492 | 9.8 |
CVE-2024-56337 | 9.8 |
CVE-2025-21535 | 9.8 |
CVE-2016-1000027 | 9.8 |
CVE-2023-29824 | 9.8 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe as shown in Patch Management:
Additional Refernces¶
Change Log¶
- 2025-01-22: Initial publication
- 2025-01-23: Added critically rated CVEs and reference