1. 主頁
  2. 保安警報
  3. 保安警報 (A25-04-15)

保安警報 (A25-04-15): Oracle Java 及 Oracle 產品多個漏洞 (2025年4月)


 

發布日期: 2025年 4月 16日

  
  

描述:

Oracle 發布了重要修補程式更新公告,包括一系列應對 Java SE 和不同 Oracle 產品中多個安全漏洞的修補程式。有關修補程式的列表,請參考以下網址:
https://www.oracle.com/security-alerts/cpuapr2025.html

 

受影響的系統:

  • Oracle Java SE
  • Database
  • Fusion Applications and Middleware
  • Oracle MySQL Product Suite
  • Oracle and Sun Systems Products Suite
  • Oracle Linux and Virtualization

有關受影響產品的完整列表,請參閱以下網址:


https://www.oracle.com/security-alerts/cpuapr2025.html

 

影響:

成功利用漏洞可以導致受影響的系統發生遠端執行程式碼、服務被拒絕、權限提升、泄漏資訊、繞過保安限制或篡改,視乎攻擊者利用哪個漏洞而定。

 

建議:

現已有適用於受影響系統的修補程式。受影響系統的用戶應遵從產品供應商的建議,立即採取行動以降低風險。

Oracle Java SE 產品的修補程式可從以下連結下載:
Java Platform SE 8u451 (JDK 及 JRE)
Java Platform SE 11.0.27 (JDK 及 JRE)
Java Platform SE 17.0.15 (JDK 及 JRE)
Java Platform SE 21.0.7 (JDK 及 JRE)
Java Platform SE 24.0.1 (JDK 及 JRE)
https://www.oracle.com/java/technologies/javase-downloads.html

OpenJDK 的修補程式可從以下連結下載:
https://jdk.java.net/

用戶也可通過以下安全公告,以獲取其他 Oracle 產品安全更新方面的資訊:
https://www.oracle.com/security-alerts/cpuapr2025.html

用戶可聯絡其產品支援供應商,以取得修補程式及相關支援。

 

進一步資訊:

  • https://www.oracle.com/security-alerts/cpuapr2025.html
  • https://www.hkcert.org/tc/security-bulletin/oracle-products-multiple-vulnerabilities_20250416
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13936
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36843
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23450
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28170
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34381
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36033
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5685
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25399
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26464
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37536
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39410
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46589
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49582
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51074
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51441
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52428
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1135
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4227
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5206
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6763
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9143
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9902
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11612
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12797 (to CVE-2024-12798)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21538
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22243
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23807
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24549
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25638
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25710
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28168
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28834
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30172
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31141
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32007
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34064
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35195
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36114
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37891
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38357
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38819 (to CVE-2024-38820)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38827 (to CVE-2024-38828)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39338
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40896
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42367
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43044
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43709
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43796
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45613
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47072
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47197
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47535
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47554
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47561
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47606
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49767
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49771
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52046
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52303
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53122
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54534
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56128
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56337
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57699
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1974
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21573 (to CVE-2025-21588)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23083 (to CVE-2025-23084)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23184
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24813
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24970
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27363
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27516
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27789
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681 (to CVE-2025-30733)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30735 (to CVE-2025-30737)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30740
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31721


標籤 : Oracle , Java , Oracle Database , Fusion , MySQL , Sun Systems , Oracle Linux , Virtualization
標籤