Computing

Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered

News Room
News Room

Apr 09, 2025Ravie LakshmananSoftware Security / Vulnerability

Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution.

Of the 30 flaws in the product, 11 are rated Critical in severity –

  • CVE-2025-24446 (CVSS score: 9.1) – An improper input validation vulnerability that could result in an arbitrary file system read
  • CVE-2025-24447 (CVSS score: 9.1) – A deserialization of untrusted data vulnerability that could result in arbitrary code execution
  • CVE-2025-30281 (CVSS score: 9.1) – An improper access control vulnerability that could result in an arbitrary file system read
  • CVE-2025-30282 (CVSS score: 9.1) – An improper authentication vulnerability that could result in arbitrary code execution
  • CVE-2025-30284 (CVSS score: 8.0) – A deserialization of untrusted data vulnerability that could result in arbitrary code execution
  • CVE-2025-30285 (CVSS score: 8.0) – A deserialization of untrusted data vulnerability that could result in arbitrary code execution
  • CVE-2025-30286 (CVSS score: 8.0) – An operating system command injection vulnerability that could result in arbitrary code execution
  • CVE-2025-30287 (CVSS score: 8.1) – An improper authentication vulnerability that could result in arbitrary code execution
  • CVE-2025-30288 (CVSS score: 7.8) – An improper access control vulnerability that could result in a security feature bypass
  • CVE-2025-30289 (CVSS score: 7.5) – An operating system command injection vulnerability that could result in arbitrary code execution
  • CVE-2025-30290 (CVSS score: 8.7) – A path traversal vulnerability that could result in a security feature bypass
Cybersecurity

“These updates resolve critical and important vulnerabilities that could lead to arbitrary file system read, arbitrary code execution and security feature bypass,” Adobe said in an advisory.

The vulnerabilities have been resolved in the below versions –

  • ColdFusion 2021 Update 19
  • ColdFusion 2023 Update 13, and
  • ColdFusion 2025 Update 1

Fixes have also been released to address several out-of-bounds write and heap-based buffer overflow bugs in After Effects (CVE-2025-27182, CVE-2025-27183), Media Encoder (CVE-2025-27194, CVE-2025-27195), Bridge (CVE-2025-27193), Premiere Pro (CVE-2025-27196), Photoshop (CVE-2025-27198), Animate (CVE-2025-27199), and FrameMaker (CVE-2025-30304, CVE-2025-30297, CVE-2025-30295) that could lead to arbitrary code execution.

Adobe also noted that it’s not aware of any exploits for any of the aforementioned shortcomings. That said, it’s essential that users update their installations to the latest version to safeguard against potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Share This Article
Previous Article Breakthrough implant reads your thoughts and converts them to speech
Next Article Putin’s peace plan is actually a call for Ukraine’s capitulation
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Latest News

Redis 8.2 Preparing More Performance Optimizations, SVS-VAMANA
Computing
Debenhams Group signs multi-year agreement with AWS – UKTN
News
The agents were supposed to go for AI in another dimension in 2025. As with other things of AI, it was only supposed to
Mobile
“This fusion fucking in the air south park”, Trey Parker and Matt Stone lose patience against Paramount and Skydance
Mobile
Lost your password?