PT-2025-50283 · Adobe · ColdFusion
Published: 2025-12-09 · Updated: 2025-12-15 · CVE-2025-61810
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier
Description
A Deserialization of Untrusted Data issue exists that could lead to arbitrary code execution with the privileges of the current user. A high-privileged attacker could exploit this by submitting maliciously crafted serialized data to the application. User interaction is required for exploitation.
Recommendations
Update ColdFusion to a version later than 2021.22.
Fix
Deserialization of Untrusted Data
Affected Products
ColdFusion