CISA Flags Exploited Vulnerabilities in Adobe ColdFusion and Oracle Agile PLM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited security flaws affecting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog.

The two vulnerabilities are:
- CVE-2017-3066 (CVSS 9.8) – A deserialization flaw in the Apache BlazeDS library bundled with Adobe ColdFusion, which allows arbitrary code execution. (Patched by Adobe in April 2017)
- CVE-2024-20953 (CVSS 8.8) – A deserialization vulnerability in Oracle Agile PLM that allows a low-privileged attacker with network access via HTTP to compromise the system. (Fixed in Oracle's January 2024 Critical Patch Update)
While no public reports have surfaced describing in-the-wild exploitation of these two specific flaws, another Oracle Agile PLM vulnerability (CVE-2024-21287, CVSS 7.5) was actively exploited as a zero-day in late 2024.
To minimize security risks, organizations are urged to implement the necessary updates, with federal agencies required to patch their systems by March 17, 2025.
Meanwhile, threat intelligence firm GreyNoise has detected renewed exploitation of CVE-2023-20198, a previously patched web UI vulnerability in Cisco IOS XE devices. The activity has been traced to 110 malicious IP addresses, primarily located in Bulgaria, Brazil, and Singapore.
Additionally, GreyNoise reported that two malicious IPs, originating from Switzerland and the U.S., exploited CVE-2018-0171, a flaw in Cisco's Smart Install feature, between December 2024 and January 2025. This period overlaps with intrusions by Salt Typhoon, a Chinese state-sponsored hacking group that leveraged CVE-2023-20198 and CVE-2023-20273 to infiltrate telecom networks.