Summary: Adobe has issued security updates for ColdFusion versions 2025, 2023, and 2021 to address 30 newly discovered vulnerabilities, including 11 critical-severity flaws that could allow for arbitrary file read and code execution. The updates are essential to mitigate risks associated with these vulnerabilities, though Adobe reports no known exploits currently in the wild. Users are encouraged to upgrade their installations to the latest versions to enhance security.
Affected: Adobe ColdFusion, After Effects, Media Encoder, Bridge, Premiere Pro, Photoshop, Animate, FrameMaker
Keypoints :
- 11 critical vulnerabilities in ColdFusion could allow arbitrary file read and code execution.
- Key CVEs include CVE-2025-24446 (improper input validation) and CVE-2025-24447 (deserialization of untrusted data).
- Adobe has released updates for ColdFusion 2021 (Update 19), 2023 (Update 13), and 2025 (Update 1) among others.
- Fixes for additional vulnerabilities in After Effects and other Adobe products are also included.
- Users are urged to update their software to protect against potential threats.
Source: https://thehackernews.com/2025/04/adobe-patches-11-critical-coldfusion.html