CVE-2025-24446

Published Apr 8, 2025

Last updated 4 days ago

CVSS critical 9.1
Adobe ColdFusion

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24446 is an Improper Input Validation vulnerability affecting Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. Successful exploitation could lead to arbitrary code execution within the context of the current user. User interaction is required to exploit this vulnerability, as a victim must open a malicious file. The vulnerability exists due to improper input validation, potentially allowing attackers to execute arbitrary code on vulnerable ColdFusion instances. Adobe has released security updates for ColdFusion versions 2025, 2023, and 2021 to address this and other vulnerabilities. It is recommended to update to the latest version of ColdFusion to mitigate the risk.

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Source: psirt@adobe.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

psirt@adobe.com: CWE-20

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

  1. 🚨 Critical alert: 30 new security flaws found in Adobe ColdFusion 11 rated Critical. ⚡ Top threats: arbitrary code execution, file system read, security bypass. CVE-2025-24446 | CVSS 9.1 CVE-2025-24447 | CVSS 9.1 CVE-2025-30281 | CVSS 9.1 (and more) No active exploits yet ht

    @achi_tech, 12 Apr 2025: 25 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. 🚨 CVE-2025-24446 ⚠️🔴 CRITICAL (9.1) 🏢 Adobe - ColdFusion 🏗️ 0 🔗 https://t.co/d22GWuVfCD #CyberCron #VulnAlert #InfoSec https://t.co/a6qjr3WaCF

    @cybercronai, 9 Apr 2025: 25 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  3. Adobe patches 11 critical ColdFusion flaws (CVE-2025-24446, CVE-2025-30282) with CVSS scores up to 9.1! Vulnerabilities could lead to arbitrary file reads & code execution. Update ColdFusion & other Adobe products ASAP. https://t.co/ICkNAb8QEa #CyberSecurity

    @dCypherIO, 9 Apr 2025: 10 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  4. CVE-2025-24446 and other: Multiple vulns in Adobe ColdFusion, 7.5 - 9.1 rating 🔥 Adobe disclosed 11 vulns that could lead to arbitrary file system read, and code execution. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/W5lPEKxHSL #cybersecurity #vulnerability_map h

    @Netlas_io, 9 Apr 2025: 588 Impressions, 5 Retweets, 9 Likes, 1 Bookmark, 0 Replies, 0 Quotes

  5. 📌 Adobe has released security updates to fix 30 vulnerabilities, including 11 critical vulnerabilities in ColdFusion versions 2025, 2023 and 2021, which could lead to arbitrary file reads and code execution. One of the vulnerabilities, CVE-2025-24446, received a score of 9.1 in the vulnerability severity scoring system. #الامن_السيبراني https://t.co/tHxf7oJUUv

    @Cybercachear, 9 Apr 2025: 12 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  6. 🚨 Critical alert: 30 new security flaws found in Adobe ColdFusion—11 rated Critical. ⚡ Top threats: arbitrary code execution, file system read, security bypass. CVE-2025-24446 | CVSS 9.1 CVE-2025-24447 | CVSS 9.1 CVE-2025-30281 | CVSS 9.1 (and more) No active exploits https:

    @TheHackersNews, 9 Apr 2025: 11397 Impressions, 32 Retweets, 72 Likes, 9 Bookmarks, 3 Replies, 0 Quotes

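  7. Adobe patches: In particular, four of them, the improper input validation "CVE-2025-24446", the deserialization of untrusted data "CVE-2025-24447", the improper access control "CVE-2025-30281" and the improper authentication "CVE-2025-30282", were given a base score of "9.1" under the Common Vulnerability Scoring System "CVSSv3.1". https://t.co/YJlvItNHNt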

    @Deer0nSecurity, 8 Apr 2025: 52 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes