Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates.
Background
On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This CPU contains fixes for 171 unique CVEs in 378 security updates across 32 Oracle product families. Out of the 378 security updates published this quarter, 10.6% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 54.5%, followed by high severity patches at 32.3%.
This quarter’s update includes 40 critical patches across 15 CVEs.
Severity | Issues Patched | CVEs |
---|---|---|
Critical | 40 | 15 |
High | 122 | 52 |
Medium | 206 | 98 |
Low | 10 | 6 |
Total | 378 | 171 |
Analysis
This quarter, the Oracle SQL Developer product family contained the highest number of patches at 103, accounting for 27.3% of the total patches, followed by Oracle Hyperion at 43 patches, which accounted for 11.4% of the total patches.
A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.
Oracle Product Family | Number of Patches | Remote Exploit without Auth |
---|---|---|
Oracle SQL Developer | 103 | 82 |
Oracle Hyperion | 43 | 2 |
Oracle Secure Backup | 42 | 35 |
Oracle Communications | 34 | 22 |
Oracle E-Business Suite | 31 | 26 |
Oracle Commerce | 16 | 11 |
Oracle E […]
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from Security Boulevard.