Oracle released its October 2025 Critical Patch Update, addressing security vulnerabilities in a wide range of Oracle products. The advisory highlights the importance of applying the latest patches to mitigate risks associated with these vulnerabilities, which could potentially allow attackers to compromise affected systems. The update includes fixes for several critical flaws, including two severe vulnerabilities in Oracle Marketing products (CVE-2025-53072 and CVE-2025-62481) that could enable full system takeover if left unpatched.
Security agencies have urged organizations to review Oracle's advisory and implement the recommended updates promptly to protect their environments. The vulnerabilities span multiple Oracle product lines, underscoring the need for comprehensive patch management and timely response to vendor advisories to reduce exposure to exploitation and potential business impact.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
Public reporting and government advisory coverage identified CVE-2025-53072 and CVE-2025-62481 as critical Oracle Marketing vulnerabilities that could enable severe compromise, including potential full takeover if left unpatched. The disclosures emphasized immediate patching as the recommended mitigation.
Oracle released its October 2025 quarterly security update addressing multiple vulnerabilities across its products, including flaws affecting Oracle Marketing components. The advisory prompted organizations to review and apply the available patches.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.