一、漏洞簡述
Oracle 釋出 10 月份安全性更新,總計修補 170 個漏洞,影響範圍橫跨資料庫、應用伺服器、中介軟體、金融系統、ERP、雲端服務、虛擬化平台、開發工具等大量產品。本次更新中多項漏洞可被遠端未經身分驗證攻擊者利用,可能造成任意程式碼執行、權限提升、資訊外洩等重大風險,請務必儘速評估並部署相應修補。
二、設備/版本影響
以下 Oracle 產品均受影響(依原文完整列示):
Enterprise Manager Base Platform
GoldenGate Stream Analytics
Identity Manager
JD Edwards EnterpriseOne Orchestrator
JD Edwards EnterpriseOne Tools
Management Cloud Engine
Management Pack for Oracle GoldenGate
MySQL Cluster
MySQL Enterprise Backup
MySQL Server
MySQL Shell
MySQL Workbench
Oracle Application Testing Suite
Oracle Banking Branch
Oracle Banking Corporate Lending Process Management
Oracle Banking Origination
Oracle BI Publisher
Oracle Business Intelligence Enterprise Edition
Oracle Coherence
Oracle Commerce Guided Search
Oracle Commerce Platform
Oracle Communications Billing and Revenue Management
Oracle Communications Calendar Server
Oracle Communications Cloud Native Core Automated Test Suite
Oracle Communications Cloud Native Core Binding Support Function
Oracle Communications Cloud Native Core Certificate Management
Oracle Communications Cloud Native Core Console
Oracle Communications Cloud Native Core DBTier
Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Oracle Communications Cloud Native Core Network Repository Function
Oracle Communications Cloud Native Core Network Slice Selection Function
Oracle Communications Cloud Native Core Policy
Oracle Communications Cloud Native Core Security Edge Protection Proxy
Oracle Communications Cloud Native Core Service Communication Proxy
Oracle Communications Cloud Native Core Unified Data Repository
Oracle Communications Contacts Server
Oracle Communications Converged Charging System
Oracle Communications Convergence
Oracle Communications Convergent Charging Controller
Oracle Communications Diameter Signaling Router
Oracle Communications EAGLE Element Management System
Oracle Communications EAGLE LNP Application Processor
Oracle Communications LSMS
Oracle Communications Messaging Server
Oracle Communications Network Analytics Data Director
Oracle Communications Network Charging and Control
Oracle Communications Network Integrity
Oracle Communications Offline Mediation Controller
Oracle Communications Operations Monitor
Oracle Communications Order and Service Management
Oracle Communications Pricing Design Center
Oracle Communications Service Catalog and Design
Oracle Communications Session Border Controller
Oracle Communications Unified Assurance
Oracle Communications Unified Inventory Management
Oracle Database Server
Oracle Documaker
Oracle E-Business Suite
Oracle Enterprise Communications Broker
Oracle Enterprise Data Quality
Oracle Enterprise Manager for Fusion Middleware
Oracle Enterprise Operations Monitor
Oracle Essbase
Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Compliance Studio
Oracle Financial Services Model Management and Governance
Oracle Financial Services Revenue Management and Billing
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition
Oracle Fusion Middleware MapViewer
Oracle Global Lifecycle Management NextGen OUI Framework
Oracle GoldenGate
Oracle GoldenGate Big Data and Application Adapters
Oracle GoldenGate Stream Analytics
Oracle GoldenGate Studio
Oracle GoldenGate Veridata
Oracle GraalVM Enterprise Edition
Oracle GraalVM for JDK
Oracle Graph Server and Client
Oracle Health Sciences Data Management Workbench
Oracle Healthcare Data Repository
Oracle Healthcare Master Person Index
Oracle Hospitality Cruise Shipboard Property Management (SPMS)
Oracle Hyperion Calculation Manager
Oracle Hyperion Data Relationship Management
Oracle Hyperion Financial Management
Oracle Hyperion Infrastructure Technology
Oracle Hyperion Planning
Oracle Insurance Policy Administration J2EE
Oracle Java SE
Oracle JDeveloper
Oracle Life Sciences InForm
Oracle Middleware Common Libraries and Tools
Oracle Outside In Technology
Oracle REST Data Services
Oracle Retail Advanced Inventory Planning
Oracle Retail Financial Integration
Oracle Retail Integration Bus
Oracle Retail Invoice Matching
Oracle Retail Merchandising System
Oracle Retail Price Management
Oracle Retail Sales Audit
Oracle Retail Service Backbone
Oracle Retail Xstore Office
Oracle Retail Xstore Point of Service
Oracle Secure Backup
Oracle Security Service
Oracle SOA Suite
Oracle Solaris
Oracle Solaris Cluster
Oracle Spatial Studio
Oracle TimesTen In-Memory Database
Oracle Transportation Management
Oracle Utilities Application Framework
Oracle Utilities Network Management System
Oracle VM VirtualBox
Oracle WebCenter Forms Recognition
Oracle WebCenter Portal
Oracle WebCenter Sites
Oracle WebLogic Server
Oracle ZFS Storage Appliance Kit
PeopleSoft Enterprise CS Financial Aid
PeopleSoft Enterprise FIN IT Asset Management
PeopleSoft Enterprise FIN Maintenance Management
PeopleSoft Enterprise FIN Payables
PeopleSoft Enterprise PeopleTools
Primavera Gateway
Primavera P6 Enterprise Project Portfolio Management
Primavera Unifier
Retail Predictive Application Server
Siebel Applications
三、建議處置
目前 Oracle 官方已釋出修補更新,請各機關可聯絡系統維護廠商或參考以下連結:
https://www.oracle.com/security-alerts/cpuoct2025.html
四、相關連結
https://www.oracle.com/security-alerts/cpuoct2025.html