Adobe Patches Critical ColdFusion and Commerce Vulnerabilities

Adobe Patches Critical ColdFusion and Commerce Vulnerabilities

Posted on By CWS

Adobe has patched practically two dozen vulnerabilities throughout 9 of its merchandise with its September 2025 Patch Tuesday updates, together with vital flaws in ColdFusion and Commerce.

The vital ColdFusion vulnerability, tracked as CVE-2025-54261 with a CVSS rating of 9.0, has been described as a path traversal subject that may result in an arbitrary file system write. It impacts ColdFusion 2021, 2023, and 2025 on all platforms. 

Adobe says it’s not conscious of any in-the-wild exploitation of CVE-2025-54261, however assigned the flaw a precedence ranking of ‘1’, which signifies that it ought to be addressed as quickly as potential (inside 72 hours is advisable). 

It’s not unusual for menace actors to take advantage of ColdFusion vulnerabilities in assaults. The latest is CVE-2024-20767, patched by Adobe in March 2024 and reported as being exploited in December 2024. 

Web scans present a whole bunch of 1000’s of ColdFusion situations uncovered to the online and probably weak to assaults. 

The vital vulnerability fastened in Commerce, in addition to in Magento Open Supply, is CVE-2025-54236, which will be exploited by an unauthenticated attacker to bypass a safety function. Magento vulnerabilities are additionally usually exploited within the wild. 

Adobe patched high-severity vulnerabilities in Acrobat Reader, Premiere Professional, Substance 3D Viewer, Expertise Supervisor (AEM), Dreamweaver, and Substance 3D Modeler. These safety holes can enable arbitrary code execution and safety function bypasses. 

It’s value noting that these flaws are listed as ‘vital’ in Adobe’s advisories, however they’re ‘excessive severity’ based mostly on their CVSS rating. Commercial. Scroll to proceed studying.

Medium- and low-severity points have been resolved in Acrobat Reader, Expertise Supervisor (AEM), and After Results. They will result in a safety function bypass or reminiscence publicity.

The high- and medium-severity flaws have a precedence ranking of ‘3’, which signifies that Adobe doesn’t anticipate them to be exploited in assaults.

Associated: Adobe Patches ColdFusion Flaw at Excessive Danger of Exploitation

Associated: Adobe Patches Over 60 Vulnerabilities Throughout 13 Merchandise

Associated: Adobe Points Out-of-Band Patches for AEM Types Vulnerabilities With Public PoC

Security Week News Tags:, , , , ,

Related Posts

In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring Security Week News
Who is Zico Kolter? A Professor Leads OpenAI Safety Panel With Power to Halt Unsafe AI Releases Who is Zico Kolter? A Professor Leads OpenAI Safety Panel With Power to Halt Unsafe AI Releases Security Week News
Why We Can’t Let AI Take the Wheel of Cyber Defense Why We Can’t Let AI Take the Wheel of Cyber Defense Security Week News
Plex Urges Password Resets Following Data Breach Plex Urges Password Resets Following Data Breach Security Week News
Tech Giants Unite to Tackle Online Scams and Fraud Tech Giants Unite to Tackle Online Scams and Fraud Security Week News
LexisNexis Data Breach: Limited Impact Despite Hackers’ Claims LexisNexis Data Breach: Limited Impact Despite Hackers’ Claims Security Week News