Adobe Patches

3 Min Read

Adobe has released security updates to fix a new set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023, and 2021.

Of the 30 defects in the product, 11 are rated as important in severity –

  • CVE-2025-24446 (CVSS score: 9.1) – Improper input validation vulnerability that could result in an arbitrary file system read
  • CVE-2025-24447 (CVSS score: 9.1) – Deserialization of untrusted data vulnerability that could result in arbitrary code execution
  • CVE-2025-30281 (CVSS score: 9.1) – Improper access control vulnerability that could result in an arbitrary file system read
  • CVE-2025-30282 (CVSS score: 9.1) – Improper authentication vulnerability that could result in arbitrary code execution
  • CVE-2025-30284 (CVSS score: 8.0) – Deserialization of untrusted data vulnerability that could result in arbitrary code execution
  • CVE-2025-30285 (CVSS score: 8.0) – Deserialization of untrusted data vulnerability that could result in arbitrary code execution
  • CVE-2025-30286 (CVSS score: 8.0) – Operating system command injection vulnerability that could result in arbitrary code execution
  • CVE-2025-30287 (CVSS score: 8.1) – Improper authentication vulnerability that could result in arbitrary code execution
  • CVE-2025-30288 (CVSS score: 7.8) – Improper access control vulnerability that could result in a security feature bypass
  • CVE-2025-30289 (CVSS score: 7.5) – Operating system command injection vulnerability that could result in arbitrary code execution
  • CVE-2025-30290 (CVSS score: 8.7) – Path traversal vulnerability that could result in a security feature bypass

“These updates resolve critical and critical vulnerabilities that can lead to reading any file system, execution of any code, and bypassing security features,” Adobe said in its advisory.

The vulnerabilities were resolved in the following versions –

  • ColdFusion 2021 Update 19
  • ColdFusion 2023 Update 13, and
  • ColdFusion 2025 Update 1

Also released are fixes for out-of-bounds write and heap-based buffer overflow bugs that could result in arbitrary code execution in After Effects (CVE-2025-27182, CVE-2025-27183), Media Encoder (CVE-2025-27195), Photoshop (CVE-2025-27198), Animate (CVE-2025-27199), and FrameMaker (CVE-2025-30304, CVE-2025-30297, CVE-2025-30295), as well as CVE-2025-27196.

Adobe also noted that it is unaware of any exploitation of the aforementioned flaws. That said, it is essential for users to update their installations to the latest versions to protect against potential threats.
