CVE-2025-24447

Published Apr 8, 2025

Last updated 12 days ago

Adobe ColdFusion

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24447 is a deserialization of untrusted data vulnerability affecting Adobe ColdFusion versions 2023.12, 2021.18, 2025.0, and earlier. This vulnerability could lead to arbitrary code execution within the context of the current user. Exploitation of CVE-2025-24447 requires user interaction, specifically a victim opening a malicious file. Adobe has released security updates to address this vulnerability in ColdFusion versions 2025, 2023, and 2021.

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confidentiality and Integrity. Exploitation of this issue does not require user interaction.
Source: psirt@adobe.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

Weaknesses

psirt@adobe.com: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1FC7D1D-6DD2-48B2-980F-B001B0F24473"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FA19E1D-61C2-4640-AF06-4BCFE750BDF3"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F331DEA-F3D0-4B13-AB1E-6FE39B2BB55D"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63D5CF84-4B0D-48AE-95D6-262AEA2FFDE8"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10616A3A-0C1C-474A-BD7D-A2A5BB870F74"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7DA523E-1D9B-45FD-94D9-D4F9F2B9296B"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "151AFF8B-F05C-4D27-85FC-DF88E9C11BEA"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53A0E245-2915-4DFF-AFB5-A12F5C435702"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5653D18-7534-48A3-819F-9F049A418F99"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "645D1B5F-2DAB-4AB8-A465-AC37FF494F95"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED6D8996-0770-4C9F-BEA5-87EA479D40A5"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4836086E-3D4A-4A07-A372-382D385CB490"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3A83642-BF14-4C37-BD94-FA76AABE8ADC"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A892E1DC-F2C8-4F53-8580-A2D1BEED5A25"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB97ADBA-C1A9-4EE0-9509-68CB12358AE5"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30779417-D4E5-4A01-BE0E-1CE1D134292A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]