Oracle’s 318-Patch January Update Stuns With Scale

Oracle has released its January 2025 security update (Critical Patch Update, CPU), containing fixes for 318 vulnerabilities across the company's products and services. Among them is an extremely dangerous vulnerability in Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556), which carries a CVSS rating of 9.9.

The flaw allows attackers with minimal privileges and network access over HTTP to fully compromise vulnerable Agile PLM Framework systems. The National Vulnerability Database (NVD) describes the issue as “easily exploitable”, which makes it extremely dangerous for organizations running the affected software.

Notably, Oracle had previously warned of active attempts to exploit another vulnerability in Agile PLM Framework (CVE-2024-21287, CVSS 7.5), identified in November 2024. Both flaws affect Agile PLM Framework version 9.3.6.

According to Eric Maurice, Oracle Vice President, “Users must immediately install the January security update, including the fixes for CVE-2024-21287 and other critical vulnerabilities.”

Among the other vulnerabilities rated 9.8 on the CVSS scale, the following were fixed:

  • CVE-2025-21524 in the Monitoring and Diagnostics SEC component of JD Edwards EnterpriseOne Tools.
  • CVE-2023-3961 in the E1 Dev Platform Tech (Samba) component of JD Edwards EnterpriseOne Tools.
  • CVE-2024-23807 in the Apache Xerces-C++ XML parser component of Oracle Agile Engineering Data Management.
  • CVE-2023-46604 in the Apache ActiveMQ component of Oracle Communications Diameter Signaling Router.
  • CVE-2024-45492 in the XML parser (libexpat) used in Oracle Communications Network Analytics Data Director.
  • CVE-2024-56337 in the Apache Tomcat server component of Oracle Communications Policy Management.
  • CVE-2025-21535 in the Core component of Oracle WebLogic Server.

Particular attention was drawn to CVE-2025-21535, which is similar to CVE-2020-2883 (CVSS 9.8), a vulnerability previously exploited in the wild in Oracle WebLogic Server. Earlier this month, the US Cybersecurity and Infrastructure Security Agency (CISA) added
