Security News > 2025 > February > Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
2025-02-25 04:10

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting


News URL

https://thehackernews.com/2025/02/two-actively-exploited-security-flaws.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2017-04-27 CVE-2017-3066 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 10.0/11.0/2016
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library.
network
low complexity
adobe CWE-502
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 698 249 2225 1709 367 4550
Adobe 104 49 840 1670 628 3187