
CISA Alerts: Oracle Agile Vulnerability Actively Exploited


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a severe deserialization vulnerability (CVE-2024-20953) in Oracle Agile Product Lifecycle Management (PLM) software.

Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 24, 2025, the flaw allows attackers with low-privileged access to execute arbitrary code on unpatched systems, potentially leading to full network compromise.

Federal agencies and private sector organizations have until March 17, 2025, to implement mitigations or discontinue the use of affected systems.

Oracle Agile Vulnerability

At the heart of this emergency is a critical instance of CWE-502 (deserialization of untrusted data): the Java-based Oracle Agile PLM platform reconstructs serialized Java objects from input an attacker can control, letting the attacker dictate which classes are instantiated and with what state.

Security analysts at Horizon3.ai explain that successful exploitation bypasses standard authentication checks, granting attackers “the ability to execute commands under the identity of the Oracle WebLogic server.”
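The defensive counterpart to the weakness described above is to refuse to reconstruct any class the application did not expect. The following Java program is an added illustration written for this article, not Oracle's code and not the patch for CVE-2024-20953; it uses the standard JEP 290 `ObjectInputFilter` (JDK 9+) to compare an unfiltered `ObjectInputStream` with one that only accepts an allowlisted application class. The `ChangeOrder` and `NotOnAllowlist` classes and the filter pattern are constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

/**
 * Added example: Java deserialization restricted by a JEP 290 filter so that
 * only an allowlisted class (plus java.lang.*) can be reconstructed.
 */
public class FilteredDeserialization {

    // Hypothetical application object that legitimately travels over the wire.
    static final class ChangeOrder implements Serializable {
        private static final long serialVersionUID = 1L;
        final String id;
        ChangeOrder(String id) { this.id = id; }
    }

    // Hypothetical class that is serializable but never expected on this channel;
    // it stands in for any class an attacker would rather the server instantiate.
    static final class NotOnAllowlist implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Allowlist ChangeOrder and java.lang.* (String, boxed primitives); "!*" rejects
    // everything else. maxdepth/maxarray/maxbytes bound resource use from
    // deeply nested or oversized object graphs. First matching pattern wins.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=8;maxarray=1000;maxbytes=65536;"
            + ChangeOrder.class.getName() + ";"
            + "java.lang.*;!*");

    static byte[] serialize(Serializable o) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Unsafe form: instantiates whatever class descriptor the stream names.
    static Object readUnfiltered(byte[] data) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened form: the filter is consulted for every class before it is resolved,
    // so a rejected class is never loaded or instantiated.
    static Object readFiltered(byte[] data) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new ChangeOrder("CO-1001"));   // constructed input
        byte[] unexpected = serialize(new NotOnAllowlist());       // constructed input

        // Both streams deserialize when no filter is set.
        System.out.println("unfiltered: " + readUnfiltered(expected).getClass().getSimpleName());
        System.out.println("unfiltered: " + readUnfiltered(unexpected).getClass().getSimpleName());

        // With the filter, only the allowlisted class is reconstructed.
        ChangeOrder co = (ChangeOrder) readFiltered(expected);
        System.out.println("filtered accepted: " + co.id);
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            // The JDK reports the rejection as "filter status: REJECTED".
            System.out.println("filtered rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac FilteredDeserialization.java && java FilteredDeserialization`. The same pattern string can be applied process-wide with the `jdk.serialFilter` system property or `ObjectInputFilter.Config.setSerialFilter`, which is the practical route for third-party code that opens its own `ObjectInputStream`s; an allowlist should stay as narrow as the application's real message types, since broad patterns reintroduce the gadget classes that deserialization attacks rely on.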

This access level could enable data theft, lateral ...


Copyright of this story belongs to gbhackers.