The most critical flaws, with a CVSS score of 9.9, affect the Oracle Supply Chain product range, namely Oracle Agile Engineering Data Management version 6.2.1 and Oracle Agile PLM Framework version 9.3.6. At least five other vulnerabilities have been allocated a 9.8 CVSS score, suggesting high severity. The finalized January 2025 Critical Patch Update is scheduled for release on January 21. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update patches as soon as possible.

‍