Critical Vulnerabilities in Adobe ColdFusion (CVE-2025-24446, CVE-2025-24447, CVE-2025-30281, CVE-2025-30282)

Published On: Apr 11, 2025 08:52

Advisory No: TZCERT-SA-25-0084

Source: Adobe

Software Affected: Adobe ColdFusion

Overview

Multiple Adobe ColdFusion versions are affected by critical vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code.

Description

ColdFusion versions 2023.12, 2021.18, 2025.0, and earlier are affected by critical vulnerabilities tracked as CVE-2025-24446, CVE-2025-24447, CVE-2025-30281, and CVE-2025-30282, each with a CVSS score of 9.1. The vulnerabilities result from improper input validation, deserialization of untrusted data, improper access control, and improper authentication. An attacker can exploit these vulnerabilities by sending a specially crafted request to gain unauthorized access and execute arbitrary code on the affected system.

Impact

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution

Adobe has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
