The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below –
- CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability impacting Adobe ColdFusion in the Apache BlazeDS library that allows for arbitrary code execution. (Fixed in April 2017)
- CVE-2024-20953 (CVSS score: 8.8) – A deserialization vulnerability impacting Oracle Agile PLM that allows a low-privileged attacker with network access via HTTP to compromise the system. (Fixed in January 2024)
There are currently no public reports referencing the exploitation of the vulnerabilities, although another flaw impacting Oracle Agile PLM (CVE-2024-21287, CVSS score: 7.5) came under active abuse late last year.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
To mitigate the risks posed by potential attacks weaponizing these flaws, it’s recommended that users take steps to apply the necessary updates. Federal agencies have time until March 17, 2025, to secure their networks against the threats.
The development comes as threat intelligence firm GreyNoise revealed active exploitation attempts targeting CVE-2023-20198, a now-patched security flaw affecting vulnerable Cisco devices.
As many as 110 malicious IPs, mainly originating from Bulgaria, Brazil, and Singapore have been linked to the malicious activity.
“Two malicious IPs exploited CVE-2018-0171 in December 2024 and January 2025, originating from Switzerland and the United States — the same period when Salt Typhoon, a Chinese state-sponsored threat group, reportedly breached telecom networks using CVE-2023-20198 and CVE-2023-20273,” the GreyNoise Research Team said.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer