Adobe warns of critical ColdFusion bug

Adobe has released a security update to address a ColdFusion vulnerability with proof-of-concept exploit code.

Adobe has released security updates to address a path traversal vulnerability in ColdFusion. It affects ColdFusion versions 2021 and 2023 and gives attackers access to put arbitrary files on vulnerable servers.

Proactive security

Proof-of-concept exploit code exists for the vulnerability, and Adobe has classified it as “Priority 1.” That classification indicates an increased risk of the flaw being exploited. Adobe recommends installing the security updates within 72 hours and then applying the recommended security settings.

It has not been confirmed whether attackers have exploited the vulnerability, yet Adobe recommends consulting the updated documentation on blocking deserialization attacks. This is not the first time critical flaws have surfaced in ColdFusion: BleepingComputer writes that just last year a vulnerability in ColdFusion was actively exploited. Being proactive and taking action is therefore definitely recommended in this case.