InfoSecBulletin Cybersecurity for mankind
Oracle’s July 2025 Critical Patch Update was released fixing 309 security vulnerabilities across its products. The update impacts 34 key product families. Oracle Communications has the most patches at 112 vulnerabilities, followed by MySQL with 40 and Oracle Fusion Middleware.
145 remote vulnerabilities could be exploited without authentication, allowing attackers to breach systems without valid credentials.
Node.js Flaws Expose Windows Apps to Path Traversal & HashDoS Attacks
Broadcom fixes multiple vulnerabilities in VMware ESXi, Workstation, and Fusion
Oracle Patched 309 Vulnerabilities with 145 Remotely Exploitable Flaw
Microsoft Extends 365 Support Until 2028 with ESU Program
Meta’s $100B AI Push: Gigawatt-Size Data Centers Spark Water Crisis
4 vulns impact Gigabyte motherboards to UEFI malware bypassing Secure Boot
Wing FTP 2000+ Servers Exposed Online: Actively Exploiting
CVE-2025-7503 (CVSS 10)
Backdoor in popular IP Camera Allows Hackers Root Access
(CVE-2025-25257)
Patch Urgently! Exploits for pre-auth Fortinet FortiWeb RCE flaw released
GP launched appless ‘GP Shield’ to protect mobile for only 50 TK
Breakdown of Vulnerabilities by Products
Oracle’s flagship database products face significant security challenges with this update. The most critical database vulnerability, CVE-2025-30751, carries a CVSS score of 8.8 and affects Oracle Database Server versions 19.3-19.27 and 23.4-23.8.
Oracle Application Express (APEX) users face an even more severe threat with CVE-2025-50067, scoring 9.0 on the CVSS scale.
The vulnerability in the Strategic Planner Starter App could let attackers fully compromise the system with little user interaction.
The Java ecosystem also receives substantial attention with 11 new security patches for Oracle Java SE.
Critical vulnerabilities CVE-2025-50059 (CVSS 8.6) and CVE-2025-30749 (CVSS 8.1) impact networking and 2D components in various Java versions, including Oracle GraalVM.
These flaws could enable remote code execution in Java applications, particularly those running sandboxed applets or Web Start applications.
Oracle’s enterprise middleware stack faces significant security challenges, with WebLogic Server receiving 8 vulnerability patches, including the severe CVE-2025-30762 affecting T3 and IIOP protocols.
Fusion Middleware components contain multiple Apache Commons BeanUtils vulnerabilities (CVE-2025-48734) scoring 8.8, which could lead to remote code execution in enterprise applications.
The MySQL database ecosystem requires immediate attention with 40 security patches addressing various components from server core functionality to clustering mechanisms.
Notable vulnerabilities include CVE-2025-50076 and CVE-2025-50078 affecting DML operations, and optimizer-related flaws that could cause denial-of-service conditions.
The next Critical Patch Update is scheduled for October 21, 2025, followed by quarterly releases in January, April, and July 2026.
Organizations need to implement systematic patch management to tackle ongoing security issues, as Oracle identifies and fixes vulnerabilities in its extensive product range.
