- 80/2025
- Critical
Adobe has released security updates to fix several vulnerabilities across multiple Adobe products.
The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, bypass security restrictions, gain elevated privileges, execute arbitrary code, and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Adobe ColdFusion Deserialization of Untrusted Data (CWE-502) Vulnerability (CVE-2025-24447):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Adobe ColdFusion Improper Access Control (CWE-284) Vulnerability (CVE-2025-30288):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
Sample of the affected products:
- Adobe Commerce.
- Adobe Commerce B2B.
- Adobe ColdFusion.
- Adobe AEM Forms.
- Adobe XMP Toolkit SDK.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.