
Although the list of 318 security updates does not show the CVSS risk ratings at first glance, the descriptions quickly reveal that the package contains many critical updates rated between 9.0 and 10, as well as many highly dangerous vulnerabilities.
The January 2025 Oracle Critical Patch Update contains 318 security updates for numerous products. A risk matrix lists the affected components and their CVSS scores for risk assessment. Workarounds provide temporary protection when direct patching is not possible. Oracle emphasizes the importance of timely updates, as attacks on known vulnerabilities continue to be observed.
Many critical vulnerabilities
The list of critical vulnerabilities with CVSS scores of 9.0 to 10 is almost overwhelming. Administrators should take the warnings seriously and apply the updates immediately. Oracle has warned that active attacks on the vulnerabilities have probably already been observed. Oracle also draws attention to an existing patch: the security alert that fixes the CVE-2024-21287 vulnerability in Oracle Agile Product Lifecycle Management (PLM). This vulnerability is remotely exploitable without authentication, i.e. it can be exploited over a network without a user name and password. Successful exploitation can lead to file disclosure.