CISA flags two actively exploited security flaws in Oracle and Adobe products.

Feb 25, 2025Ravie LakshmananNetwork Security / Risk

Based on evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to the Known Exploited Vulnerabilities catalog, affecting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM).

The flaws in question are listed below.

  • CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting Adobe ColdFusion in the Apache BlazeDS library that allows for arbitrary code execution. (Fixed in April 2017)

  • (CVSS score: 8.8) - A deserialization vulnerability impacting Oracle Agile PLM that allows a low-privileged attacker with network access via HTTP to compromise the system. (Fixed in )

There are currently no public reports referencing the exploitation of the vulnerabilities, although another flaw impacting Oracle Agile PLM (CVSS score: 7.5) came under active abuse late last year.

Users are advised to apply the necessary updates to reduce the risks posed by potential attacks that weaponize these flaws. Federal agencies have until March 17, 2025, to secure their networks against these threats.

The development comes as GreyNoise, a threat intelligence organization, revealed active exploitation attempts targeting CVE-2023-20198, a now-patched security flaw affecting vulnerable Cisco equipment.

As many as 110 malicious IP addresses, mainly originating from Bulgaria, Brazil, and Singapore, have been linked to the malicious activity.

"Two malicious IPs exploited CVE-2018-0171 in December 2024 and January 2025, originating from Switzerland and the United States — the same time when , a Chinese state-sponsored threat group, reportedly breached telecoms networks using CVE-2023-20198 and CVE-2023-20273," the GreyNoise Research Team said.
