Movatterモバイル変換

Cloud AccountSign in to Cloud Sign Up for Free Cloud Tier

Oracle Account

Critical Patch Updates, Security Alerts and Bulletins

This page lists announcements of security fixes made in Critical Patch Update Advisories, Security Alerts and Bulletins, and it is updated when new Critical Patch Update Advisories, Security Alerts and Bulletins are released.

Instructions for subscribing to email notifications of Critical Patch Update Advisories and Security Alerts.
Oracle Corporate Security Blog
Guidelines for reporting security vulnerabilities

This page contains the following sections:

Critical Patch Updates

Critical Patch Updates provide security patches for supported Oracle on-premises products. They are available to customers with valid support contracts. Critical Patch Updates are released on the third Tuesday of January, April, July, and October. The next four dates are:

20 January 2026
21 April 2026
21 July 2026
20 October 2026

A pre-release announcement will be published on the Thursday preceding each Critical Patch Update release.

The Critical Patch Updates released since 2020 are listed in the following table. Critical Patch Updates released before 2020 are availablehere.

Critical Patch Update	Latest Version/Date
Critical Patch Update - October 2025	Rev 1, 21 October 2025
Critical Patch Update - July 2025	Rev 4, 28 July 2025
Critical Patch Update - April 2025	Rev 2, 21 April 2025
Critical Patch Update - January 2025	Rev 2, 11 February 2025
Critical Patch Update - October 2024	Rev 2, 25 November 2024
Critical Patch Update - July 2024	Rev 3, 18 September 2024
Critical Patch Update - April 2024	Rev 2, 18 September 2024
Critical Patch Update - January 2024	Rev 5, 11 February 2025
Critical Patch Update - October 2023	Rev 5, 8 December 2023
Critical Patch Update - July 2023	Rev 1, 18 July 2023
Critical Patch Update - April 2023	Rev 2, 25 April 2023
Critical Patch Update - January 2023	Rev 3, 27 February 2023
Critical Patch Update - October 2022	Rev 3, 12 December 2022
Critical Patch Update - July 2022	Rev 4, 31 October 2022
Critical Patch Update - April 2022	Rev 9, 23 December 2024
Critical Patch Update - January 2022	Rev 7, 23 December 2024
Critical Patch Update - October 2021	Rev 3, 18 January 2022
Critical Patch Update - July 2021	Rev 7, 03 September 2021
Critical Patch Update - April 2021	Rev 6, 28 July 2021
Critical Patch Update - January 2021	Rev 3, 22 February 2021
Critical Patch Update - October 2020	Rev 6, 8 December 2020
Critical Patch Update - July 2020	Rev 8, 1 December 2020
Critical Patch Update - April 2020	Rev 11, 20 July 2020
Critical Patch Update - January 2020	Rev 7, 20 April 2020

Security Alerts

Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update. The Security Alerts released since 2020 are listed in the following table. Security Alerts released before 2020 are availablehere.

Security Alert Number And Description	Latest Version/Date
Alert for CVE-2025-61884	Rev 1, 11 October 2025
Alert for CVE-2025-61882	Rev 2, 06 October 2025
Alert for CVE-2024-21287	Rev 1, 18 November 2024
Alert for CVE-2022-21500	Rev 2, 25 May 2022
Alert for CVE-2021-44228	Rev 3, 17 December 2021
Alert for CVE-2020-14750	Rev 2, 06 November 2020

Solaris Third Party Bulletins

Solaris Third Party Bulletins are used to announce security patches for third party software distributed with Oracle Solaris. Solaris Third Party Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will be updated on the third Tuesday of the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates). In addition, Solaris Third Party Bulletins may also be updated for vulnerability patches deemed too critical to wait for the next scheduled publication date. Solaris Third Party Bulletins released before 2020 are availablehere.

Solaris Third Party Bulletin	Latest Version/Date
Solaris Third Party Bulletin - October 2025	Rev 2, 25 November 2025
Solaris Third Party Bulletin - July 2025	Rev 3, 23 September 2025
Solaris Third Party Bulletin - April 2025	Rev 3, 18 June 2025
Solaris Third Party Bulletin - January 2025	Rev 3, 18 March 2025
Solaris Third Party Bulletin - October 2024	Rev 4, 07 May 2025
Solaris Third Party Bulletin - July 2024	Rev 3, 24 September 2024
Solaris Third Party Bulletin - April 2024	Rev 3, 14 June 2024
Solaris Third Party Bulletin - January 2024	Rev 3, 19 March 2024
Solaris Third Party Bulletin - October 2023	Rev 3, 19 December 2023
Solaris Third Party Bulletin - July 2023	Rev 3, 19 September 2023
Solaris Third Party Bulletin - April 2023	Rev 3, 23 June 2023
Solaris Third Party Bulletin - January 2023	Rev 3, 20 March 2023
Solaris Third Party Bulletin - October 2022	Rev 4, 14 February 2023
Solaris Third Party Bulletin - July 2022	Rev 3, 20 September 2022
Solaris Third Party Bulletin - April 2022	Rev 3, 17 June 2022
Solaris Third Party Bulletin - January 2022	Rev 4, 15 March 2022
Solaris Third Party Bulletin - October 2021	Rev 3, 10 December 2021
Solaris Third Party Bulletin - July 2021	Rev 3, 14 September 2021
Solaris Third Party Bulletin - April 2021	Rev 3, 15 June 2021
Solaris Third Party Bulletin - January 2021	Rev 4, 16 March 2021
Solaris Third Party Bulletin - October 2020	Rev 4, 06 January 2021
Solaris Third Party Bulletin - July 2020	Rev 3, 15 September 2020
Solaris Third Party Bulletin - April 2020	Rev 3, 16 June 2020
Solaris Third Party Bulletin - January 2020	Rev 3, 16 March 2020

Oracle Linux Security Advisories

Oracle Linux Security Advisories are published athttps://linux.oracle.com/security/.

Map of CVE to Advisory/Alert

TheMap of CVE to Advisory/Alert indicates which CVEs are fixed in each Critical Patch Update and Security Alert. TheMap of CVE to Solaris Third Party Bulletin indicates which CVEs are fixed in each Solaris Third Party Bulletin.

Oracle CVEs not published in other Oracle public documents

The page provides Oracle CVEs which are not published in other Oracle public documents.

Policy on information provided in Critical Patch Updates and Security Alerts

As a matter of policy, Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the Critical Patch Update or Security Alert notification, the pre-installation notes, the readme files, and FAQs. Oracle provides all customers with the same information in order to protect all customers equally. Oracle will not provide advance notification or "insider information" on Critical Patch Update or Security Alerts to individual customers. Finally, Oracle does not distribute exploit code (or "proof of concept code") for vulnerabilities in our products.

Applicability of Critical Patch Updates and Security Alerts to Oracle Cloud

The Oracle Cloud operations and security teams regularly evaluate Oracle’s Critical Patch Updates and Security Alert fixes as well as relevant third-party fixes as they become available and apply the relevant patches in accordance with applicable change management processes.

Cloud customers requiring information that is not addressed in the Critical Patch Update Advisory may obtain information as follows:

Oracle Cloud (IaaS, PaaS, and SaaS) customers should submit a SR within their designated support system
Oracle Managed Cloud Services (OMCS) customers should contact their Service Delivery Manager (SDM) or Technical Account Manager (TAM)
CRM On Demand customers should request status via a Service Request (SR)
Global Business Units/Industry Cloud Services customers should submit a SR within their designated support system or, if applicable, contact their Customer Success Manager
OracleAdvertising customers should contact their Client Partner.
Oracle NetSuite customers should submit an Oracle NetSuite Support Case from within their Oracle NetSuite account.