CISA flagged two actively exploited security vulnerabilities in Oracle and Adobe products.

Feb 25, 2025Ravie LakshmananNetwork Security / Risk

Based on evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog.

The vulnerabilities in question are listed below.

  • CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting Adobe ColdFusion in the Apache BlazeDS library that allows for arbitrary code execution. (Fixed in April 2017)

  • (CVSS score: 8.8) - A deserialization vulnerability impacting Oracle Agile PLM that allows a low-privileged attacker with network access via HTTP to compromise the system. (Fixed in )

There are currently no public reports referencing the exploitation of the vulnerabilities, although another flaw impacting Oracle Agile PLM ( , CVSS score: 7.5 ) came under active abuse late last year.

Users are advised to take mitigating steps to reduce the risk posed by attacks that exploit these flaws. Federal agencies have until March 17, 2025, to secure their networks against these threats.

The development comes as GreyNoise, a threat intelligence service, revealed active exploitation attempts targeting CVE-2023-20198, a patched security flaw that affects vulnerable Cisco devices.

As many as 110 malicious IPs, mostly originating from Bulgaria, Brazil, and Singapore, have been linked to the malicious activity.

"Two harmful IPs exploited CVE-2018-0171 in December 2024 and January 2025, originating from Switzerland and the United States — the same time when , a Chinese state-sponsored risk group, reportedly breached telecoms networks using CVE-2023-20198 and CVE-2023-20273," the GreyNoise Research Team said.
