Oracle Products Face Java SE, MySQL, VirtualBox Flaws

22 April

Oracle has released its April Critical Patch Update, a set of critical updates for its products that addresses a total of 481 vulnerabilities.

Among the key issues addressed in this update are:

  • Java SE: The update fixes 11 security vulnerabilities in Java SE, 7 of which are remote code execution vulnerabilities that do not require authentication. The three most severe issues, each rated 7.5, affect JavaFX (WebKitGTK), JAXP, and networking. These vulnerabilities are resolved in the Java SE 26.0.1, 25.0.3, 21.0.11, 17.0.19, 11.0.31, and 8u491 releases.
  • MySQL Server: The update addresses 27 vulnerabilities in the MySQL server, including one critical vulnerability (CVE-2025-15467), rated 9.8, that could be exploited remotely due to a buffer overflow in the OpenSSL library. The other issues affect components such as the optimizer, JSON parser, replication system, InnoDB, DML, GIS indexes, partitioning mechanism, and database schema handler. The fixes are available in MySQL Community Server 9.7.0, 8.4.9, and 8.0.46.
  • VirtualBox: The update addresses 9 vulnerabilities in VirtualBox, with five being marked as dangerous (7.5 out of 10). One of the vulnerabilities can be exploited remotely over the network, although specific details about the nature of the
Reports, release notes, official announcements.
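A version check against the fixed Java SE and MySQL releases listed above, as an added example that is not Oracle's or the original page's code. The inventory rows, the status labels, and the choice to measure every MySQL 9.x install against 9.7.0 are assumptions made for illustration.

```python
import re

# Fixed releases per release line, copied from the summary above.
JAVA_FIXED = {26: (26, 0, 1), 25: (25, 0, 3), 21: (21, 0, 11),
              17: (17, 0, 19), 11: (11, 0, 31), 8: (8, 0, 491)}
# Assumption: any MySQL 9.x install is measured against 9.7.0.
MYSQL_FIXED = {"9": (9, 7, 0), "8.4": (8, 4, 9), "8.0": (8, 0, 46)}

def parse_java(v):
    """Normalise '1.8.0_481', '8u481' and '17.0.18+8' to a 3-tuple."""
    m = re.match(r"1\.(\d+)\.0(?:_(\d+))?", v) or re.match(r"(\d+)u(\d+)", v)
    if m:  # legacy Java 8 style: the update number is the third field
        return (int(m.group(1)), 0, int(m.group(2) or 0))
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised Java version: {v!r}")
    return tuple(int(g or 0) for g in m.groups())

def parse_mysql(v):
    """Take the leading x.y.z and ignore packaging suffixes."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unrecognised MySQL version: {v!r}")
    return tuple(int(g) for g in m.groups())

def check(product, version):
    """Return 'below-fix', 'at-or-above-fix' or 'unlisted-line'."""
    if product == "java":
        ver = parse_java(version)
        fixed = JAVA_FIXED.get(ver[0])
    elif product == "mysql":
        ver = parse_mysql(version)
        line = "9" if ver[0] == 9 else f"{ver[0]}.{ver[1]}"
        fixed = MYSQL_FIXED.get(line)
    else:
        raise ValueError(f"unknown product: {product!r}")
    if fixed is None:
        return "unlisted-line"  # no fixed release named for this line
    return "at-or-above-fix" if ver >= fixed else "below-fix"

# Constructed sample inventory: (host, product, reported version string).
INVENTORY = [("app01", "java", "1.8.0_481"), ("app02", "java", "17.0.19+10-LTS"),
             ("db01", "mysql", "8.0.45-0ubuntu0.22.04.1"), ("db02", "mysql", "8.4.9")]

def audit(inventory):
    return [(h, p, v, check(p, v)) for h, p, v in inventory]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row)
```

Distribution packages that backport fixes without changing the upstream version number will show as below-fix here and need checking against the packager's own advisory.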