Critical Vulnerabilities in Adobe ColdFusion (CVE-2025-61808, CVE-2025-61809)

Published On: Dec 14, 2025 20:53

Advisory No: TZCERT-SA-25-0128

Source: Adobe

Software Affected: Adobe ColdFusion

Overview

Adobe ColdFusion is affected by two vulnerabilities. A remote attacker can exploit them to execute arbitrary code.

Description

Adobe ColdFusion versions 2021, 2023, and 2025 are affected by critical vulnerabilities tracked as CVE-2025-61808 and CVE-2025-61809, each with a CVSS score of 9.1. The vulnerabilities result from unrestricted upload of files with dangerous types and improper input validation. An attacker can exploit these vulnerabilities by sending a specially crafted request to achieve arbitrary file system write, arbitrary file system read, arbitrary code execution, security feature bypass, and privilege escalation.

Impact

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution

Adobe has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
