Oracle has released 374 new security patches as part of its October 2025 Critical Patch Update (CPU), including over 230 fixes for vulnerabilities that are remotely exploitable without authentication. If left unpatched, these flaws could lead to remote code execution, unauthorized access, or data compromise.

Affected products include, but are not limited to:

• Oracle Java SE
• Oracle E-Business Suite (EBS)  
• Oracle Database   
• Oracle Fusion Middleware
• Oracle Enterprise Manager
• Oracle JD Edwards    

Security Risks

The successful exploitation of these vulnerabilities poses a significant security risk, as remote attackers could potentially exploit them to gain control over the affected system.

For the full list of security updates released by Oracle, please refer to Critical Patch Updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends that users and system administrators:

1. Upgrade, as soon as possible, to the latest supported version of installed software in order to continue receiving technical support and security patches.

2. Before updating or patching, please ensure that you have the latest backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

• Oracle Critical Patch Update Advisory - October 2025
• Oracle Critical Patch Updates, Security Alerts and Bulletins