CISA Warns of Oracle Agile Vulnerability Exploited in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding CVE-2024-20953, a high-severity deserialization vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software that is being actively exploited in the wild.
Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 24, 2025, the flaw lets a low-privileged attacker with HTTP access to the application take over enterprise PLM systems, steal sensitive data, and disrupt critical supply chain operations.
Federal agencies have been ordered to patch the vulnerability by March 17, 2025, though all organizations using Oracle Agile PLM are urged to prioritize mitigation.
CVE-2024-20953 resides in the Export component of Oracle Agile PLM version 9.3.6, a platform used globally for managing product development, compliance, and collaboration.
With a CVSS 3.1 base score of 8.8, the flaw allows a low-privileged attacker with network access over HTTP to execute arbitrary code and take over the Agile PLM application.
The exploit path is insecure deserialization: the application reconstructs objects from serialized data it receives without validating what classes that data names, so an attacker can supply a crafted serialized object whose deserialization hooks run attacker-chosen code before the application ever inspects the result.
Successful attacks could result in data exfiltration, intellectual property theft, or manipulation of product lifecycle data.
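The following is an added illustration of the bug class described above, not Oracle's code and not the actual CVE-2024-20953 exploit, whose details Oracle has not published. It shows, in plain Java, why unfiltered `ObjectInputStream.readObject` is dangerous (a `readObject` hook on the deserialized class runs during deserialization) and the standard hardening, a JEP 290 `ObjectInputFilter` allowlist that rejects classes the endpoint never expects. The `ExportRequest` class, its field, and the allowlist contents are hypothetical; real attacks use gadget chains in library classes rather than a class the application defines.

```java
import java.io.*;
import java.util.Base64;

// Added example, not Oracle's code. Demonstrates the deserialization bug class,
// not the specific CVE-2024-20953 payload.
public class DeserializationDemo {

    // Set by the hypothetical gadget's readObject hook so we can observe it ran.
    static boolean sideEffectRan = false;

    // Hypothetical class standing in for a gadget: its readObject hook executes
    // as soon as the stream is deserialized, before any application-level check.
    static class ExportRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        String fileName;

        ExportRequest(String fileName) { this.fileName = fileName; }

        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            sideEffectRan = true; // a real gadget would reach Runtime.exec or similar here
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Vulnerable pattern: deserialize whatever the client sent.
    static Object unsafeDeserialize(byte[] data)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened pattern: an ObjectInputFilter (JEP 290, Java 9+) is consulted when
    // each class descriptor is read, so a class not on the allowlist is rejected
    // before an instance exists and before its readObject hook can run.
    static Object safeDeserialize(byte[] data)
            throws IOException, ClassNotFoundException {
        ObjectInputFilter allowlist = ObjectInputFilter.Config.createFilter(
            "java.lang.String;java.util.ArrayList;!*"); // hypothetical allowlist; "!*" rejects everything else
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(allowlist);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] payload = serialize(new ExportRequest("../../etc/passwd"));
        // Every Java serialization stream starts with 0xACED0005, which is "rO0AB" in base64.
        System.out.println("payload base64 prefix: "
            + Base64.getEncoder().encodeToString(payload).substring(0, 5));

        sideEffectRan = false;
        unsafeDeserialize(payload);
        System.out.println("unsafe: readObject hook ran = " + sideEffectRan);

        sideEffectRan = false;
        try {
            safeDeserialize(payload);
        } catch (InvalidClassException e) {
            System.out.println("safe: rejected by filter (" + e.getMessage() + ")");
        }
        System.out.println("safe: readObject hook ran = " + sideEffectRan);
    }
}
```

Compile and run with any JDK 9 or later (`javac DeserializationDemo.java && java DeserializationDemo`). The unsafe path reports that the hook ran; the filtered path throws `InvalidClassException` and the hook never executes. An allowlist is preferable to a denylist of known gadget classes because new gadget chains keep being found in common libraries.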
Oracle Agile PLM is integral to manufacturing, healthcare, and technology sectors, where it manages sensitive product blueprints, quality controls, and compliance documentation.
A breach could enable adversaries to sabotage production lines, leak proprietary designs, or inject malicious code into product updates.
Because Agile PLM belongs to Oracle’s supply chain management product family and exchanges product data with suppliers and contract manufacturers, a compromised PLM instance is also a foothold from which attacks can propagate to downstream partners.
Mitigation and Response
Oracle fixed CVE-2024-20953 in its January 2024 Critical Patch Update; customers running the affected 9.3.6 release should apply that CPU and the cumulative updates that followed it. CISA requires federal agencies to remediate by the March 17, 2025 deadline, and advises other organizations to:
- Isolate Agile PLM systems from public internet access.
- Apply Oracle’s security patches and validate configurations.
- Monitor HTTP traffic to the Export module for unexpected request bodies, in particular serialized Java objects, and for bursts of requests from a single account or source.
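As an added example of the monitoring step, here is a small detector (not from the article or from Oracle) that scans access-log lines for the one reliable marker a Java deserialization payload carries: the serialization stream magic `0xACED0005`, which appears as `aced0005` in hex, `%AC%ED%00%05` when percent-encoded, and as the fixed prefix `rO0AB` when base64-encoded. It assumes the logging layer records a request body excerpt in a `body="..."` field; the log lines and the `/Agile/export` path are constructed for the example and are not Agile PLM's real endpoints.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not from the article or Oracle. Flags access-log lines whose
// request body carries a Java serialized object and counts them per client.
public class SerializedPayloadDetector {

    // Java serialization magic 0xACED0005: base64 prefix "rO0AB" (case-sensitive),
    // hex "aced0005" or percent-encoded "%AC%ED%00%05" (case-insensitive).
    private static final Pattern SERIAL_MAGIC =
        Pattern.compile("rO0AB|(?i:aced0005|%ac%ed%00%05)");

    // Client address is the first whitespace-delimited token of a combined-format line.
    private static final Pattern CLIENT_IP = Pattern.compile("^(\\S+)\\s");

    /** Returns the log lines that contain a serialized-object marker. */
    static List<String> flagLines(List<String> lines) {
        List<String> hits = new ArrayList<>();
        for (String line : lines) {
            if (SERIAL_MAGIC.matcher(line).find()) {
                hits.add(line);
            }
        }
        return hits;
    }

    /** Counts flagged requests per client so a burst from one source stands out. */
    static Map<String, Integer> hitsPerClient(List<String> lines) {
        Map<String, Integer> counts = new LinkedHashMap<>();
        for (String line : flagLines(lines)) {
            Matcher m = CLIENT_IP.matcher(line);
            String ip = m.find() ? m.group(1) : "unknown";
            counts.merge(ip, 1, Integer::sum);
        }
        return counts;
    }

    public static void main(String[] args) {
        // Constructed sample log lines (combined format plus a body excerpt);
        // the paths are placeholders, not Agile PLM's actual URLs.
        List<String> sample = List.of(
            "10.0.0.5 - jdoe [24/Feb/2025:10:12:01 +0000] \"POST /Agile/export HTTP/1.1\" 200 body=\"rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcA==\"",
            "10.0.0.5 - jdoe [24/Feb/2025:10:12:03 +0000] \"POST /Agile/export HTTP/1.1\" 500 body=\"rO0ABXNyABdqYXZhLnV0aWwuUHJpb3JpdHlRdWV1ZQ==\"",
            "10.0.0.9 - asmith [24/Feb/2025:10:13:40 +0000] \"GET /Agile/search?q=widget HTTP/1.1\" 200 body=\"\"",
            "10.0.0.5 - jdoe [24/Feb/2025:10:14:10 +0000] \"POST /Agile/export HTTP/1.1\" 200 body=\"%AC%ED%00%05sr%00\"",
            "10.0.0.12 - - [24/Feb/2025:10:15:00 +0000] \"POST /Agile/export HTTP/1.1\" 200 body=\"format=csv\""
        );
        for (Map.Entry<String, Integer> e : hitsPerClient(sample).entrySet()) {
            System.out.println(e.getKey() + " sent " + e.getValue()
                + " request(s) carrying a Java serialized object");
        }
    }
}
```

A hit is not proof of exploitation, since some legacy Java applications do legitimately exchange serialized objects, but a serialized object arriving at an endpoint that normally takes form fields or JSON, or a burst of them from one account, is exactly the anomaly the advisory tells operators to look for and is worth an alert and a packet capture.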
Eric Maurice, Oracle’s Vice President of Security Assurance, emphasized that “organizations delaying patches are exposing themselves to irreversible operational and reputational damage.” The advisory follows a similar warning in November 2024 for CVE-2024-21287, another Agile PLM flaw exploited as a zero-day, underscoring the platform’s attractiveness to attackers.
With supply chain attacks surging globally, CISA’s advisory highlights the critical need for proactive vulnerability management.
The post CISA Warns of Oracle Agile Vulnerability Exploited in the Wild appeared first on Cyber Security News.