\nOracle released its second quarterly edition of this year\u2019s Critical Patch Update. The update received patches for **309** security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.<\/p>\n
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 84, constituting about 27% of the total patches released. Oracle MySQL and Oracle Fusion Middleware followed, with 40 and 36 security patches.<\/p>\n
228 of the 309 security patches provided by the April Critical Patch Update (about 74%) are for non-Oracle CVEs, such as open-source components included and exploitable in the context of their Oracle product distributions.<\/p>\n
This batch of security patches received 15 updates for Oracle Database products. The following is the product-wise distribution:<\/p>\n
* Six new security updates for Oracle Database Server with a maximum reported CVSS Base Score of 8.8.
* One of these updates applies to client-only deployments of the Oracle Database.
* One new security update for Oracle Application Express with a maximum reported CVSS Base Score of 9.0.
* One new security update for Oracle Blockchain Platform with a maximum reported CVSS Base Score of 6.5.
* Five new security updates for Oracle GoldenGate with a maximum reported CVSS Base Score of 7.5.
* One new security update for Oracle NoSQL Database with a maximum reported CVSS Base Score of 3.7.
* One new security update for Oracle REST Data Services with a maximum reported CVSS Base Score of 6.1.<\/p>\n
In these security updates, Oracle has covered product families, including Oracle Database Server, Oracle Application Express, Oracle Blockchain Platform, Oracle GoldenGate, Oracle NoSQL Database, Oracle REST Data Services, Oracle Commerce, Oracle Communications Applications, Oracle Communications, Oracle Construction and Engineering, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Financial Services Applications, Oracle Fusion Middleware, Oracle Analytics, Oracle HealthCare Applications, Oracle Hospitality Applications, Oracle Hyperion, Oracle Insurance Applications, Oracle Java SE, Oracle JD Edwards, Oracle MySQL, Oracle PeopleSoft, Oracle Retail Applications, Oracle Siebel CRM, Oracle Supply Chain, Oracle Utilities Applications, Oracle Virtualization.<\/p>\n
## Qualys QID Coverage<\/p>\n
Qualys has released the following QIDS mentioned in the table:<\/p>\n
**QIDs**| **Title**
—|—
20487| Oracle Database 21c Critical Patch Update – July 2025
20488| Oracle Database 19c Critical Patch Update – July 2025
20490| Oracle MySQL Server July 2025 Critical Patch Update (CPUJUL2025)
383578| Oracle Java Standard Edition (SE) Critical Patch Update – July 2025 (CPUJUL2025)
383580| Oracle Coherence July 2025 Security Patch Update (CPUJUL2025)
383586| Oracle Managed Virtualization (VM) VirtualBox Multiple Security Vulnerabilities (CPUJUL2025)
296127| Oracle Solaris 11.4 Support Repository Update (SRU) 83.195.1 Missing (CPUJUL2025)
87583| Oracle WebLogic Server Multiple Vulnerabilities (CPUJUL2025) <\/p>\n
**Note:** The table will be updated with additional QIDs once released.<\/p>\n
## Notable Oracle Vulnerabilities Patched<\/p>\n
### Oracle Communications<\/p>\n
This Critical Patch Update for Oracle Communications received 84 security patches. Out of these, 50 vulnerabilities can be exploited over a network without user credentials.<\/p>\n
CVE-2024-25638, CVE-2025-48734, CVE-2024-47606, CVE-2024-1135, CVE-2025-23016, CVE-2025-27363, and CVE-2023-27349 in different Oracle Communications products have high severity ratings.<\/p>\n
### Oracle MySQL<\/p>\n
This Critical Patch Update for Oracle MySQL received 40 security patches. Out of these, three vulnerabilities can be exploited over a network without user credentials.<\/p>\n
CVE-2024-9287 and CVE-2025-32415 in MySQL Workbench have high severity ratings. An attacker may exploit these vulnerabilities without privileges in a low-complexity network attack.<\/p>\n
### Oracle Fusion Middleware<\/p>\n
This Critical Patch Update for Oracle Fusion Middleware received 36 security patches. Out of these, 22 vulnerabilities can be exploited over a network without user credentials.<\/p>\n
CVE-2025-31651 and CVE-2024-52046 in different Oracle Fusion Middleware products have critical severity ratings with a CVSS score of 9.8. A remote attacker may exploit these vulnerabilities without privileges in a low-complexity network attack.<\/p>\n
### Oracle Communications Applications<\/p>\n
This Critical Patch Update for Oracle Communications Applications received 29 security patches. One of the vulnerabilities can be exploited over a network without user credentials.<\/p>\n
CVE-2025-48734 and CVE-2024-56406 in different Oracle Communications Applications products have high severity ratings with a CVSS score of 8.8 and 8.6. A remote attacker may exploit these vulnerabilities without privileges in a low-complexity network attack.<\/p>\n
### Oracle Financial Services Applications<\/p>\n
This Critical Patch Update for Oracle Financial Services Applications received 18 security patches. Out of these, 13 vulnerabilities can be exploited over a network without user credentials.<\/p>\n
CVE-2025-48734 impacting different Oracle Financial Services Applications products has high severity ratings with a CVSS score of 8.8. A remote attacker may exploit these vulnerabilities without privileges in a low-complexity network attack.\n<\/p><\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title Oracle Critical Patch Update, July 2025 Security Update Review Update ID QUALYSBLOG:8C2F84692E102A4F618830DA114675FF Type qualysblog Published 2025-07-16T14:55:11 Last Updated 2025-07-16T14:55:11…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,36,12,13,120,7,11,5],"class_list":["post-8250","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-100","tag-exploit","tag-news","tag-qualysblog","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n
Oracle Critical Patch Update, July 2025 Security Update Review - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=8250\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Oracle Critical Patch Update, July 2025 Security Update Review - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Oracle Critical Patch Update, July 2025 Security Update Review Update ID QUALYSBLOG:8C2F84692E102A4F618830DA114675FF Type qualysblog Published 2025-07-16T14:55:11 Last Updated 2025-07-16T14:55:11...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=8250\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-16T11:36:40+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8250#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8250\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Oracle Critical Patch Update, July 2025 Security Update Review\",\"datePublished\":\"2025-07-16T11:36:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8250\"},\"wordCount\":789,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-10.0\",\"exploit\",\"news\",\"qualysblog\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=8250#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8250\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8250\",\"name\":\"Oracle Critical Patch Update, July 2025 Security Update Review - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-07-16T11:36:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8250#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=8250\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=8250#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Oracle Critical Patch Update, July 2025 Security Update Review\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Oracle Critical Patch Update, July 2025 Security Update Review - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=8250","og_locale":"en_US","og_type":"article","og_title":"Oracle Critical Patch Update, July 2025 Security Update Review - zero redgem","og_description":"Security Update News Update Information Title Oracle Critical Patch Update, July 2025 Security Update Review Update ID QUALYSBLOG:8C2F84692E102A4F618830DA114675FF Type qualysblog Published 2025-07-16T14:55:11 Last Updated 2025-07-16T14:55:11...","og_url":"https:\/\/zero.redgem.net\/?p=8250","og_site_name":"zero redgem","article_published_time":"2025-07-16T11:36:40+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=8250#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=8250"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Oracle Critical Patch Update, July 2025 Security Update Review","datePublished":"2025-07-16T11:36:40+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=8250"},"wordCount":789,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-10.0","exploit","news","qualysblog","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=8250#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=8250","url":"https:\/\/zero.redgem.net\/?p=8250","name":"Oracle Critical Patch Update, July 2025 Security Update Review - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-07-16T11:36:40+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=8250#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=8250"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=8250#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Oracle Critical Patch Update, July 2025 Security Update Review"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/8250","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8250"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/8250\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8250"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8250"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}