Adobe ColdFusion Deserialization Vulnerability
Overdue
Adobe / ColdFusion
CWE-502
Description
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
References
Additional Information
- Catalog Version
- 2025.02.24
- Catalog Released
- Feb. 24, 2025
- Days Until Due
- 0 days
- Last Updated
- 5 months ago