Adobe Patches Critical ColdFusion and Commerce Vulnerabilities

Posted on By CWS

Adobe has patched practically two dozen vulnerabilities throughout 9 of its merchandise with its September 2025 Patch Tuesday updates, together with vital flaws in ColdFusion and Commerce.

The vital ColdFusion vulnerability, tracked as CVE-2025-54261 with a CVSS rating of 9.0, has been described as a path traversal subject that may result in an arbitrary file system write. It impacts ColdFusion 2021, 2023, and 2025 on all platforms. 

Adobe says it’s not conscious of any in-the-wild exploitation of CVE-2025-54261, however assigned the flaw a precedence ranking of ‘1’, which signifies that it ought to be addressed as quickly as potential (inside 72 hours is advisable). 

It’s not unusual for menace actors to take advantage of ColdFusion vulnerabilities in assaults. The latest is CVE-2024-20767, patched by Adobe in March 2024 and reported as being exploited in December 2024. 

Web scans present a whole bunch of 1000’s of ColdFusion situations uncovered to the online and probably weak to assaults. 

The vital vulnerability fastened in Commerce, in addition to in Magento Open Supply, is CVE-2025-54236, which will be exploited by an unauthenticated attacker to bypass a safety function. Magento vulnerabilities are additionally usually exploited within the wild. 

Adobe patched high-severity vulnerabilities in Acrobat Reader, Premiere Professional, Substance 3D Viewer, Expertise Supervisor (AEM), Dreamweaver, and Substance 3D Modeler. These safety holes can enable arbitrary code execution and safety function bypasses. 

It’s value noting that these flaws are listed as ‘vital’ in Adobe’s advisories, however they’re ‘excessive severity’ based mostly on their CVSS rating. Commercial. Scroll to proceed studying.

Medium- and low-severity points have been resolved in Acrobat Reader, Expertise Supervisor (AEM), and After Results. They will result in a safety function bypass or reminiscence publicity.

The high- and medium-severity flaws have a precedence ranking of ‘3’, which signifies that Adobe doesn’t anticipate them to be exploited in assaults.

Associated: Adobe Patches ColdFusion Flaw at Excessive Danger of Exploitation

Associated: Adobe Patches Over 60 Vulnerabilities Throughout 13 Merchandise

Associated: Adobe Points Out-of-Band Patches for AEM Types Vulnerabilities With Public PoC

Security Week News Tags:, , , , ,

Related Posts

UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? Security Week News
CISA Warns AMI BMC Vulnerability Exploited in the Wild Security Week News
In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost Security Week News
Lumma Stealer Malware Returns After Takedown Attempt Security Week News
The Loudest Voices in Security Often Have the Least to Lose Security Week News
CrowdStrike Insider Helped Hackers Falsely Claim System Breach Security Week News