The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a severe deserialization vulnerability (CVE-2024-20953) in Oracle Agile Product Lifecycle Management (PLM) software.
Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 24, 2025, the flaw allows attackers with low-privileged access to execute arbitrary code on unpatched systems, potentially leading to full network compromise.
https://gbhackers.com/cisa-alerts-oracl ... exploited/