Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: adobe (1 article)Clear

Adobe patches seven critical code execution flaws in ColdFusion and Campaign Classic

Adobe has released patches for seven critical, top-rated code execution vulnerabilities in its ColdFusion web application platform and Campaign Classic marketing tool. Six of the flaws affect ColdFusion 2025 and 2023 and stem from unrestricted file uploads, improper input validation, and path traversal, each allowing arbitrary code execution; the seventh, in Campaign Classic, is an authorization flaw with the same impact on on-premises installations. All can be exploited in low-complexity attacks without user interaction. Adobe says it is not aware of any active exploitation but assigned its highest deployment priority, urging admins to patch quickly, since ColdFusion has repeatedly been targeted by attackers and ransomware crews.

Check
Identify ColdFusion 2025 and 2023 servers and on-premises Campaign Classic instances, confirm their update levels, and prioritize any that are internet-facing for immediate patching.
Affected
ColdFusion 2025 and 2023 before Update 10 and Update 21, and on-premises Adobe Campaign Classic before build 9397; unauthenticated or low-privilege attackers can achieve arbitrary code execution in low-complexity attacks.
Fix
Install ColdFusion 2025 Update 10, ColdFusion 2023 Update 21, and Campaign Classic build 9397 within days, as Adobe advises, and restrict these platforms from direct internet exposure where possible.