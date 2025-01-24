Oracle has delivered its regular quarterly collection of patches: 603 in total, 318 for its own products, and another 285 for Linux code it ships.

Big Red’s VP of security assurance Eric Maurice singled out one patch as worthy of particular attention: The fix addresses CVE-2025-21556, a CVSS 9.9-out-of-10-rated vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) Framework which allows a low-privileged attacker with network access to compromise that tool, and through it other Oracle products.

Maurice urged action because in November 2024 Oracle published an out-of-band security alert for the Agile PLM Framework. He wrote that the patch delivered on Wednesday “includes patches for this alert as well as additional patches.”