Adobe Patches Critical ColdFusion and Commerce Vulnerabilities

Posted on By CWS

Adobe has patched practically two dozen vulnerabilities throughout 9 of its merchandise with its September 2025 Patch Tuesday updates, together with vital flaws in ColdFusion and Commerce.

The vital ColdFusion vulnerability, tracked as CVE-2025-54261 with a CVSS rating of 9.0, has been described as a path traversal subject that may result in an arbitrary file system write. It impacts ColdFusion 2021, 2023, and 2025 on all platforms. 

Adobe says it’s not conscious of any in-the-wild exploitation of CVE-2025-54261, however assigned the flaw a precedence ranking of ‘1’, which signifies that it ought to be addressed as quickly as potential (inside 72 hours is advisable). 

It’s not unusual for menace actors to take advantage of ColdFusion vulnerabilities in assaults. The latest is CVE-2024-20767, patched by Adobe in March 2024 and reported as being exploited in December 2024. 

Web scans present a whole bunch of 1000’s of ColdFusion situations uncovered to the online and probably weak to assaults. 

The vital vulnerability fastened in Commerce, in addition to in Magento Open Supply, is CVE-2025-54236, which will be exploited by an unauthenticated attacker to bypass a safety function. Magento vulnerabilities are additionally usually exploited within the wild. 

Adobe patched high-severity vulnerabilities in Acrobat Reader, Premiere Professional, Substance 3D Viewer, Expertise Supervisor (AEM), Dreamweaver, and Substance 3D Modeler. These safety holes can enable arbitrary code execution and safety function bypasses. 

It’s value noting that these flaws are listed as ‘vital’ in Adobe’s advisories, however they’re ‘excessive severity’ based mostly on their CVSS rating. Commercial. Scroll to proceed studying.

Medium- and low-severity points have been resolved in Acrobat Reader, Expertise Supervisor (AEM), and After Results. They will result in a safety function bypass or reminiscence publicity.

The high- and medium-severity flaws have a precedence ranking of ‘3’, which signifies that Adobe doesn’t anticipate them to be exploited in assaults.

Associated: Adobe Patches ColdFusion Flaw at Excessive Danger of Exploitation

Associated: Adobe Patches Over 60 Vulnerabilities Throughout 13 Merchandise

Associated: Adobe Points Out-of-Band Patches for AEM Types Vulnerabilities With Public PoC

Security Week News Tags:, , , , ,

Related Posts

Anubis Ransomware Packs a Wiper to Permanently Delete Files Security Week News
Canadian Electric Utility Says Power Meters Disrupted by Cyberattack Security Week News
In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed Security Week News
Cost of Data Breach in US Rises to $10.22 Million, Says Latest IBM Report Security Week News
Critical Authentication Bypass Flaw Patched in Teleport Security Week News
China Issues Warrants for Alleged Taiwanese Hackers and Bans a Business for Pro-Independence Links Security Week News