InfoSecBulletin Cybersecurity for mankind
Oracle’s July 2025 Critical Patch Update was released fixing 309 security vulnerabilities across its products. The update impacts 34 key product families. Oracle Communications has the most patches at 112 vulnerabilities, followed by MySQL with 40 and Oracle Fusion Middleware.
145 remote vulnerabilities could be exploited without authentication, allowing attackers to breach systems without valid credentials.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Breakdown of Vulnerabilities by Products
Oracle’s flagship database products face significant security challenges with this update. The most critical database vulnerability, CVE-2025-30751, carries a CVSS score of 8.8 and affects Oracle Database Server versions 19.3-19.27 and 23.4-23.8.
Oracle Application Express (APEX) users face an even more severe threat with CVE-2025-50067, scoring 9.0 on the CVSS scale.
The vulnerability in the Strategic Planner Starter App could let attackers fully compromise the system with little user interaction.
The Java ecosystem also receives substantial attention with 11 new security patches for Oracle Java SE.
Critical vulnerabilities CVE-2025-50059 (CVSS 8.6) and CVE-2025-30749 (CVSS 8.1) impact networking and 2D components in various Java versions, including Oracle GraalVM.
These flaws could enable remote code execution in Java applications, particularly those running sandboxed applets or Web Start applications.
Oracle’s enterprise middleware stack faces significant security challenges, with WebLogic Server receiving 8 vulnerability patches, including the severe CVE-2025-30762 affecting T3 and IIOP protocols.
Fusion Middleware components contain multiple Apache Commons BeanUtils vulnerabilities (CVE-2025-48734) scoring 8.8, which could lead to remote code execution in enterprise applications.
The MySQL database ecosystem requires immediate attention with 40 security patches addressing various components from server core functionality to clustering mechanisms.
Notable vulnerabilities include CVE-2025-50076 and CVE-2025-50078 affecting DML operations, and optimizer-related flaws that could cause denial-of-service conditions.
The next Critical Patch Update is scheduled for October 21, 2025, followed by quarterly releases in January, April, and July 2026.
Organizations need to implement systematic patch management to tackle ongoing security issues, as Oracle identifies and fixes vulnerabilities in its extensive product range.
