Adobe is liberated Security updates to correct fresh sets of security flaws, including several critical errors in Coldfusion 2025, 2023 and 2021, which could lead to arbitrary file reading and code execution.
Of 30 deficiency in product 11 are evaluated by critical in seriousness –
- Cve-2025-2446 (CVSS assessment: 9.1) – Incorrect vulnerability of entry check that may result in the read arbitrary file system
- Cve-2025-2447 (CVSS assessment: 9.1) – Deaserization of the unreliable vulnerability of the data that may lead to an arbitrary code
- Cve-2025-30281 (CVSS assessment: 9.1) – Incorrect vulnerability of access control that may lead to an read file system
- Cve-2025-30282 (CVSS assessment: 9.1) – Incorrect authentication vulnerability that can lead to arbitrary code
- Cve-2025-30284 (CVSS assessment: 8.0) – Deaserization of the unreliable vulnerability of the data that may lead to an arbitrary code
- Cve-2025-30285 (CVSS assessment: 8.0) – Deaserization of the unreliable vulnerability of the data that may lead to an arbitrary code
- Cve-2025-30286 (CVSS assessment: 8.0) – vulnerability of the introduction of the operating system that can lead to an arbitrary code
- Cve-2025-30287 (CVSS assessment: 8.1) – Incorrect authentication vulnerability that may lead to an arbitrary code
- Cve-2025-30288 (CVSS assessment: 7.8) – Incorrect vulnerability of access control that can lead to bypass security features
- Cve-2025-30289 (CVSS assessment: 7.5) – vulnerability of the introduction of the operating system that can lead to arbitrary code
- Cve-2025-30290 (CVSS assessment: 8.7) – vulnerability of the path that can lead to bypassing security features
“These updates decide the critical and important vulnerabilities that can lead to the read file system, the arbitrary code and security function,” Adobe – Note In advisory.
The vulnerabilities were resolved in the versions below –
- Coldfusion 2021 Update 19
- Coldfusion 2023 Update 13, and
- Update Coldfusion 2025 1
The fixes were also released to solve multiple offs that write, and based on piles of buffer errors After the effects (Cve-2015-27182, Cve-2015-27183), Media Kader (Cve-2015-27194, Cve-2015-27195), Bridge (Cve-2015-27193), Premiere Pro (Cve-2015-27196), Photo show (Cve-2015-27198), Animate (Cve-2015-27199), and Frame (CVE-2025-30304, Cve-2025-30297, Cve-2025-30295), which may lead to an arbitrary code.
Adobe also noted that he did not know about any feats in any of the above deficiencies. Given this, it is important that users update their settings to the latest version to protect against potential threats.
