 
Description
A review of recent versions of the selenium server and/or the selenium standalone server suggests it is using and delivers the Apache Commons Collections Library version 3.2.1.
This version of the Apache Commons Collections Library has a known issue.
https://threatpost.com/critical-java-bug-extends-to-oracle-ibm-middleware/115319/
http://www.infoq.com/news/2015/11/commons-exploit
It's possible for ALMOST ANYTHING that can connect to [an affected machine] to bypass authentication, authorization and auditing and remotely execute code to take over a remote Java Process JVM (App Server or Standalone).
It is unknown (by me) if Selenium Server itself provides an endpoint or access point allowing an untrusted user to exploit this vulnerability. However, the presence of the Apache Commons Collections Library 3.2.1 in the active classpath for the running JVM exposes this vulnerability for others that may be extending the functionality of the Selenium Server. Specifically, users augmenting the JVM to be a Java RMI Server in tandem with the Selenium Server.
The Apache Commons Collections Library version 3.2.2 provides a fix removing this vulnerability from the Library. I believe it is in the best interest of the Selenium Server community to move to this new library as soon as possible.
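The report above rests on one verifiable fact: which commons-collections version is actually inside the server jar. The script below is an added example, not code from this issue or from the Selenium project, that audits a jar for a bundled Apache Commons Collections and flags anything older than 3.2.2, the release in which `InvokerTransformer` and the other unsafe functors refuse to deserialize unless the `org.apache.commons.collections.enableUnsafeSerialization` system property is set to `true`. It assumes the jar carries the usual Maven metadata at `META-INF/maven/commons-collections/commons-collections/pom.properties` (typical for shade/assembly uber-jars) and falls back to the presence of the `InvokerTransformer` class when no version is recorded; it also descends into nested `.jar` entries for distributions that bundle dependencies whole. The `build_sample_jar` fixture is constructed here only so the script runs offline; point `audit_jar` at the bytes of a real selenium-server-standalone jar to check the claim.

```python
"""Audit a Java archive for a vulnerable bundled Apache Commons Collections.

Added example, not part of the original issue or the Selenium project.
Assumptions: dependency metadata lives at the Maven pom.properties path below,
and the gadget class path is the real package of InvokerTransformer in 3.x.
"""
import io
import re
import zipfile

# 3.2.2 is the first release that disables unsafe functor deserialization by default.
FIXED_VERSION = (3, 2, 2)
POM_PROPS = "META-INF/maven/commons-collections/commons-collections/pom.properties"
GADGET_CLASS = "org/apache/commons/collections/functors/InvokerTransformer.class"


def parse_version(text):
    """'3.2.1' -> (3, 2, 1); tolerates qualifiers such as '3.2.2-SNAPSHOT'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(x) for x in m.groups())


def audit_jar(data):
    """Inspect jar bytes and report on any bundled commons-collections.

    Returns a dict with the recorded version (or None), whether the gadget
    class is present, the verdict, and per-nested-jar results.
    """
    result = {"version": None, "has_gadget_class": False, "vulnerable": False, "nested": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    result["version"] = line.split("=", 1)[1].strip()
        result["has_gadget_class"] = GADGET_CLASS in names
        # Some distributions ship dependencies as whole jars under lib/; recurse into them.
        for name in sorted(names):
            if name.lower().endswith(".jar"):
                inner = audit_jar(zf.read(name))
                result["nested"].append((name, inner))
                if inner["vulnerable"]:
                    result["vulnerable"] = True
    if result["version"] is not None:
        result["vulnerable"] = result["vulnerable"] or parse_version(result["version"]) < FIXED_VERSION
    elif result["has_gadget_class"]:
        # Gadget class present with no version metadata: treat as vulnerable until proven otherwise.
        result["vulnerable"] = True
    return result


def build_sample_jar(version=None, nested=None):
    """Constructed fixture: a minimal jar carrying only the entries the audit inspects."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version is not None:
            zf.writestr(POM_PROPS, "groupId=commons-collections\n"
                                   "artifactId=commons-collections\n"
                                   "version=%s\n" % version)
            zf.writestr(GADGET_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes, not a real class
        for name, inner in (nested or {}).items():
            zf.writestr(name, inner)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    # Usage: python audit_jar.py selenium-server-standalone.jar  (no argument runs the fixture)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_jar("3.2.1")
    report = audit_jar(data)
    print("commons-collections version: %s" % report["version"])
    print("InvokerTransformer present:  %s" % report["has_gadget_class"])
    print("nested jars inspected:       %d" % len(report["nested"]))
    print("VULNERABLE" if report["vulnerable"] else "not affected (>= 3.2.2 or not bundled)")
```

Note that a 3.2.2 jar still contains `InvokerTransformer.class`, which is why the verdict is driven by the recorded version first and only falls back to the class check when no metadata exists; a bare class-presence grep would report 3.2.2 as a false positive.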