Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution.
Of the 30 flaws in the product, 11 are rated Critical in severity –
- CVE-2025-24446 (CVSS score: 9.1) – An improper input validation vulnerability that could result in an arbitrary file system read
- CVE-2025-24447 (CVSS score: 9.1) – A deserialization of untrusted data vulnerability that could result in arbitrary code execution
- CVE-2025-30281 (CVSS score: 9.1) – An improper access control vulnerability that could result in an arbitrary file system read
- CVE-2025-30282 (CVSS score: 9.1) – An improper authentication vulnerability that could result in arbitrary code execution
- CVE-2025-30284 (CVSS score: 8.0) – A deserialization of untrusted data vulnerability that could result in arbitrary code execution
- CVE-2025-30285 (CVSS score: 8.0) – A deserialization of untrusted data vulnerability that could result in arbitrary code execution
- CVE-2025-30286 (CVSS score: 8.0) – An operating system command injection vulnerability that could result in arbitrary code execution
- CVE-2025-30287 (CVSS score: 8.1) – An improper authentication vulnerability that could result in arbitrary code execution
- CVE-2025-30288 (CVSS score: 7.8) – An improper access control vulnerability that could result in a security feature bypass
- CVE-2025-30289 (CVSS score: 7.5) – An operating system command injection vulnerability that could result in arbitrary code execution
- CVE-2025-30290 (CVSS score: 8.7) – A path traversal vulnerability that could result in a security feature bypass
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“These updates resolve critical and important vulnerabilities that could lead to arbitrary file system read, arbitrary code execution and security feature bypass,” Adobe said in an advisory.
The vulnerabilities have been resolved in the below versions –
- ColdFusion 2021 Update 19
- ColdFusion 2023 Update 13, and
- ColdFusion 2025 Update 1
Fixes have also been released to address several out-of-bounds write and heap-based buffer overflow bugs in After Effects (CVE-2025-27182, CVE-2025-27183), Media Encoder (CVE-2025-27194, CVE-2025-27195), Bridge (CVE-2025-27193), Premiere Pro (CVE-2025-27196), Photoshop (CVE-2025-27198), Animate (CVE-2025-27199), and FrameMaker (CVE-2025-30304, CVE-2025-30297, CVE-2025-30295) that could lead to arbitrary code execution.
Adobe also noted that it’s not aware of any exploits for any of the aforementioned shortcomings. That said, it’s essential that users update their installations to the latest version to safeguard against potential threats.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw