A threat actor is exploiting multiple vulnerabilities in Adobe ColdFusion through a coordinated campaign, primarily during Christmas 2025. The activity involves sophisticated attack techniques and originates mainly from Japanese infrastructure, affecting systems nationwide. #ColdFusion #JNDIInjection
Key points
- The campaign targeted roughly a dozen vulnerabilities in Adobe ColdFusion with over 6,000 requests observed.
- Most attack requests originated from Japan-based infrastructure associated with CTG Server Limited.
- The activity peaked during Christmas, leveraging out-of-band callback verification and JNDI/LDAP injection techniques.
- Primary targets included servers in the US, Spain, India, Canada, Chile, Germany, and Pakistan.
- The IP addresses behind the attacks have generated over 2.5 million requests targeting numerous security flaws, with limited abuse enforcement by the hosting provider.
Read More: https://www.securityweek.com/adobe-coldfusion-servers-targeted-in-coordinated-campaign/