SecurityWeek ·EN-US News source Patch releasedColdFusionCommerceExperience Manager
Adobe Patches Critical ColdFusion Vulnerabilities
CVE Tools coverage
Adobe has issued security updates for 12 products to resolve 88 vulnerabilities, including several critical flaws in ColdFusion, Commerce, Experience Manager, and Illustrator. Among the 13 issues fixed in ColdFusion, eight are rated critical and could allow attackers to execute arbitrary code or escalate privileges. These include path traversal, code injection, and SQL injection vulnerabilities. Adobe recommends applying the latest updates immediately, particularly for ColdFusion 2025 update 11 and ColdFusion 2023 update 22. The company also addressed multiple high-severity issues in other software such as Commerce, Experience Manager, and Creative Cloud applications.