AI description
CVE-2025-24447 is a deserialization of untrusted data vulnerability affecting Adobe ColdFusion versions 2023.12, 2021.18, 2025.0, and earlier. This vulnerability could lead to arbitrary code execution within the context of the current user. Exploitation of CVE-2025-24447 requires user interaction, specifically a victim opening a malicious file. Adobe has released security updates to address this vulnerability in ColdFusion versions 2025, 2023, and 2021.
- Description
- ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- Source
- psirt@adobe.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- psirt@adobe.com
- CWE-502
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
🚨 Critical alert: 30 new security flaws found in Adobe ColdFusion 11 rated Critical. ⚡ Top threats: arbitrary code execution, file system read, security bypass. CVE-2025-24446 | CVSS 9.1 CVE-2025-24447 | CVSS 9.1 CVE-2025-30281 | CVSS 9.1 (and more) No active exploits yet ht
@achi_tech
12 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-24447 ⚠️🔴 CRITICAL (9.1) 🏢 Adobe - ColdFusion 🏗️ 0 🔗 https://t.co/d22GWuVfCD #CyberCron #VulnAlert #InfoSec https://t.co/yLdSexJawH
@cybercronai
9 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24447 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code executi… https://t.co/ktnKuARfJG
@CVEnew
9 Apr 2025
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical alert: 30 new security flaws found in Adobe ColdFusion—11 rated Critical. ⚡ Top threats: arbitrary code execution, file system read, security bypass. CVE-2025-24446 | CVSS 9.1 CVE-2025-24447 | CVSS 9.1 CVE-2025-30281 | CVSS 9.1 (and more) No active exploits https:
@TheHackersNews
9 Apr 2025
11397 Impressions
32 Retweets
72 Likes
9 Bookmarks
3 Replies
0 Quotes
Adobeのパッチ なかでも入力検証不備「CVE-2025-24446」、信頼できないデータのデシリアライズ「CVE-2025-24447」、アクセス制御不備「CVE-2025-30281」、認証の不備「CVE-2025-30282」の4件については、共通脆弱性評価システム「CVSSv3.1」のベーススコアを「9.1」とした。 https://t.co/YJlvItNHNt
@Deer0nSecurity
8 Apr 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes