Adobe Patches Critical ColdFusion and Commerce Vulnerabilities

Adobe Patches Critical ColdFusion and Commerce Vulnerabilities

Posted on By CWS

Adobe has patched practically two dozen vulnerabilities throughout 9 of its merchandise with its September 2025 Patch Tuesday updates, together with vital flaws in ColdFusion and Commerce.

The vital ColdFusion vulnerability, tracked as CVE-2025-54261 with a CVSS rating of 9.0, has been described as a path traversal subject that may result in an arbitrary file system write. It impacts ColdFusion 2021, 2023, and 2025 on all platforms. 

Adobe says it’s not conscious of any in-the-wild exploitation of CVE-2025-54261, however assigned the flaw a precedence ranking of ‘1’, which signifies that it ought to be addressed as quickly as potential (inside 72 hours is advisable). 

It’s not unusual for menace actors to take advantage of ColdFusion vulnerabilities in assaults. The latest is CVE-2024-20767, patched by Adobe in March 2024 and reported as being exploited in December 2024. 

Web scans present a whole bunch of 1000’s of ColdFusion situations uncovered to the online and probably weak to assaults. 

The vital vulnerability fastened in Commerce, in addition to in Magento Open Supply, is CVE-2025-54236, which will be exploited by an unauthenticated attacker to bypass a safety function. Magento vulnerabilities are additionally usually exploited within the wild. 

Adobe patched high-severity vulnerabilities in Acrobat Reader, Premiere Professional, Substance 3D Viewer, Expertise Supervisor (AEM), Dreamweaver, and Substance 3D Modeler. These safety holes can enable arbitrary code execution and safety function bypasses. 

It’s value noting that these flaws are listed as ‘vital’ in Adobe’s advisories, however they’re ‘excessive severity’ based mostly on their CVSS rating. Commercial. Scroll to proceed studying.

Medium- and low-severity points have been resolved in Acrobat Reader, Expertise Supervisor (AEM), and After Results. They will result in a safety function bypass or reminiscence publicity.

The high- and medium-severity flaws have a precedence ranking of ‘3’, which signifies that Adobe doesn’t anticipate them to be exploited in assaults.

Associated: Adobe Patches ColdFusion Flaw at Excessive Danger of Exploitation

Associated: Adobe Patches Over 60 Vulnerabilities Throughout 13 Merchandise

Associated: Adobe Points Out-of-Band Patches for AEM Types Vulnerabilities With Public PoC

Security Week News Tags:, , , , ,

Related Posts

Is AI Use in the Workplace Out of Control? Is AI Use in the Workplace Out of Control? Security Week News
Unpatched Gogs Zero-Day Exploited for Months Unpatched Gogs Zero-Day Exploited for Months Security Week News
Cyber Intelligence Firm iCOUNTER Emerges From Stealth With Million in Funding Cyber Intelligence Firm iCOUNTER Emerges From Stealth With $30 Million in Funding Security Week News
Researchers Hack ChatGPT Memories and Web Search Features Researchers Hack ChatGPT Memories and Web Search Features Security Week News
Old Attack, New Speed: Researchers Optimize Page Cache Exploits Old Attack, New Speed: Researchers Optimize Page Cache Exploits Security Week News
Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce Security Week News