Adobe has released a security update to fix the latest security information set, including multiple critical level bugs in ColdFusion versions 2025, 2023, and 2021.
Of the 30 defects in the product, 11 are rated as important in severity –
CVE-2025-244446 (CVSS score: 9.1) – Inappropriate input validation vulnerability that could read any file system CVE-2025-24447 (CVSS score: 9.1) – Untrusted data vulnerability that could cause execution of any code code Inappropriate access control vulnerability that could lead to any file system CVE-2025-30282 (CVSS score: 9.1) – Inappropriate authentication vulnerability that could lead to any code execution CVE-2025-30284 (CVSS score: 8.0) – Possible degraded CVE-2025-30285 (CVSS score: 8.0) that could lead to untrusted data vulnerabilities that could lead to arbitrary code execution a-2025-30286 (CVSS score: 8.0) that could lead to arbitrary code execution operating system command injection vulnerabilities that could lead to arbitrary code execution vulnerabilities that could lead to arbitrary code execution vulnerabilities that could lead to arbitrary code execution vulnerabilities that could lead to arbitrary code execution vulnerabilities that could lead to arbitrary code execution vulnerabilities that could lead to security feature bypass
“These updates resolve critical and critical vulnerabilities that can lead to reading any file system, execution of any code, and bypassing security features,” Adobe said in its advisory.
The vulnerability was resolved in the following versions –
ColdFusion2021 Update 19 ColdFusion 2023 Update 13, and ColdFusion 2025 Update1
Also released fixes to address after effects (CVE-2025-27182, CVE-2025-27183), media encoder (CVE-2025-27195), CVE-2025-27195), and several outbound write and heap-based buffer overflow bugs. (CVE-2025-27196), Photoshop (CVE-2025-27198), Animate (CVE-2025-27199), and Framemaker (CVE-2025-30304, CVE-2025-30297, CVE-2025-30295) can cause any code executive.
Adobe also noted that it is unaware of any of the aforementioned drawbacks. That said, it is essential for users to update their installation to the latest version to protect against potential threats.
Source link
