Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could lead to arbitrary file read and code execution.
Of the 30 flaws in the product, 11 are rated Critical in severity –
- CVE-2025-24446 (CVSS score: 9.1) – An improper input validation vulnerability that could lead to an arbitrary file system read
- CVE-2025-24447 (CVSS score: 9.1) – A deserialization of untrusted data vulnerability that could lead to arbitrary code execution
- CVE-2025-30281 (CVSS score: 9.1) – An improper access control vulnerability that could lead to an arbitrary file system read
- CVE-2025-30282 (CVSS score: 9.1) – An improper authentication vulnerability that could lead to arbitrary code execution
- CVE-2025-30284 (CVSS score: 8.0) – A deserialization of untrusted data vulnerability that could lead to arbitrary code execution
- CVE-2025-30285 (CVSS score: 8.0) – A deserialization of untrusted data vulnerability that could lead to arbitrary code execution
- CVE-2025-30286 (CVSS score: 8.0) – An operating system command injection vulnerability that could lead to arbitrary code execution
- CVE-2025-30287 (CVSS score: 8.1) – An improper authentication vulnerability that could lead to arbitrary code execution
- CVE-2025-30288 (CVSS score: 7.8) – An improper access control vulnerability that could lead to a security feature bypass
- CVE-2025-30289 (CVSS score: 7.5) – An operating system command injection vulnerability that could lead to arbitrary code execution
- CVE-2025-30290 (CVSS score: 8.7) – A path traversal vulnerability that could lead to a security feature bypass
“These updates resolve critical and important vulnerabilities that could lead to arbitrary file system read, arbitrary code execution and security feature bypass,” Adobe said in an advisory.
The vulnerabilities have been addressed in the versions below –
- ColdFusion 2021 Update 19
- ColdFusion 2023 Update 13, and
- ColdFusion 2025 Update 1
Fixes have also been released to address a number of out-of-bounds write and heap-based buffer overflow bugs in After Effects (CVE-2025-27182, CVE-2025-27183), Media Encoder (CVE-2025-27194, CVE-2025-27195), Bridge (CVE-2025-27193), Premiere Pro (CVE-2025-27196), Photoshop (CVE-2025-27198), Animate (CVE-2025-27199), and FrameMaker (CVE-2025-30304, CVE-2025-30297, CVE-2025-30295) that could result in arbitrary code execution.
Adobe also noted that it is not aware of any exploits for any of the aforementioned shortcomings. That said, it is essential that users update their installations to the latest version to safeguard against potential threats.