
CISA Warns of a Critical Vulnerability in Oracle Agile PLM
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about CVE-2024-20953, a security vulnerability in Oracle Agile Product Lifecycle Management (PLM). This vulnerability is currently being actively exploited by cybercriminals.
On February 24, 2025, CISA added this flaw to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability allows attackers to gain unauthenticated access to corporate systems, steal sensitive data, and cause significant disruptions to global supply chains.
The vulnerability is located in the Export module of Oracle Agile PLM version 9.3.6. It enables low-privileged attackers to execute arbitrary code via HTTP requests. With a CVSS severity score of 8.8, this flaw poses a serious risk of full system compromise.
Cybercriminals exploit this flaw through insecure deserialization: the application rebuilds in-memory objects from untrusted input, so crafted data can drive code execution. This allows attackers to bypass authentication and gain control over the system. Possible consequences include:
🔴 Data Theft – Confidential corporate documents and intellectual property could be stolen.
🔴 Sabotaging Production Processes – Attackers could manipulate product designs, quality control records, or compliance documentation.
🔴 Malware Injection – Hackers could spread malicious software through the PLM system, causing widespread damage across supply chains.
Oracle Agile PLM is widely used in the manufacturing, healthcare, and technology sectors to manage product design, quality control, and regulatory compliance. If compromised, this system could lead to data leaks or the insertion of malicious code into product updates.
Oracle has already released patches for CVE-2024-20953 as part of its January 2024 Critical Patch Update. All users are urged to upgrade to version 9.3.7 or later.
CISA has mandated that federal agencies apply these patches by March 17, 2025. Additionally, private organizations are advised to take the following security measures:
✅ Isolate PLM Systems from the Internet – Ensure Oracle Agile PLM servers are not directly exposed to the internet.
✅ Immediately Apply Security Patches – Install Oracle’s latest security updates without delay.
✅ Monitor Network Traffic – Continuously scan for suspicious HTTP activity targeting the Export module and respond to threats promptly.
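As an added example (not from CISA, Oracle, or this advisory), the detection logic behind the monitoring bullet above: it flags HTTP requests to the Export module that arrive from outside the internal ranges or that carry a Java serialization stream, the payload shape insecure-deserialization attacks rely on. The log format, the Export module path (a placeholder to replace with the real prefix) and the internal address ranges are assumptions.

```python
import ipaddress
import re

# Constructed log format for this example (not Oracle's or any proxy's native format):
#   src_ip method path content_type body_prefix_hex   ("-" when there is no body)
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")
# Header of a Java ObjectOutputStream stream: STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005
JAVA_SERIAL_MAGIC = "aced0005"
JAVA_SERIAL_CTYPE = "application/x-java-serialized-object"
# Placeholder (assumption): replace with the real Export module path prefix of your deployment
EXPORT_PATH_PREFIX = "/PLACEHOLDER_AGILE_EXPORT_MODULE/"
# Assumption: address ranges treated as internal for this example
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(src_ip):
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def classify(line, export_prefix=EXPORT_PATH_PREFIX):
    # Return {"src", "path", "reasons"} for one line, or None if it does not parse
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    src, _method, path, ctype, body_hex = m.groups()
    reasons = []
    if path.startswith(export_prefix) and not is_internal(src):
        reasons.append("export-module-from-external")      # Export module reached from outside
    if body_hex != "-" and body_hex.lower().startswith(JAVA_SERIAL_MAGIC):
        reasons.append("java-serialized-body")             # body is a Java object stream
    if ctype.lower() == JAVA_SERIAL_CTYPE:
        reasons.append("java-serialized-content-type")
    return {"src": src, "path": path, "reasons": reasons}

def flag_suspicious(lines, export_prefix=EXPORT_PATH_PREFIX):
    # Keep only parsed lines that raised at least one reason
    hits = [classify(ln, export_prefix) for ln in lines]
    return [h for h in hits if h and h["reasons"]]

# Constructed sample lines (not real traffic); 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges
SAMPLE_LOG = [
    "10.0.0.5 GET /PLACEHOLDER_AGILE_EXPORT_MODULE/list text/html -",
    "203.0.113.7 POST /PLACEHOLDER_AGILE_EXPORT_MODULE/run application/octet-stream aced00057372",
    "10.0.0.8 POST /PLACEHOLDER_AGILE_EXPORT_MODULE/run application/x-java-serialized-object aced0005",
    "198.51.100.2 GET /login text/html -",
]
```

Running `flag_suspicious(SAMPLE_LOG)` returns the second and third lines; the first is an internal request with no serialized payload and the fourth never touches the Export module.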
Eric Maurice, Vice President of Security Assurance at Oracle, stated:
🗣️ “Organizations delaying patches are exposing themselves to both operational and reputational damage.”
This advisory follows a similar warning in November 2024 regarding CVE-2024-21287, another Agile PLM vulnerability that was actively exploited as a zero-day. These incidents highlight Oracle Agile PLM’s increasing attractiveness to attackers.
🚨 With supply chain attacks on the rise, organizations using Oracle Agile PLM must act swiftly to secure their systems.
📌 If you are using version 9.3.6 or earlier, upgrade immediately!
📌 Enhance network security and implement real-time monitoring for suspicious activity.
📌 Do not delay updates, as this could lead to severe financial and reputational losses.
🔴 Oracle Agile PLM remains a prime target for cyberattacks, making protection against CVE-2024-20953 a critical priority. Taking timely action now can prevent major security breaches!