Adobe has released patches for seven critical, top-rated code execution vulnerabilities in its ColdFusion web application platform and Campaign Classic marketing tool. Six of the flaws affect ColdFusion 2025 and 2023 and stem from unrestricted file uploads, improper input validation, and path traversal, each allowing arbitrary code execution; the seventh, in Campaign Classic, is an authorization flaw with the same impact on on-premises installations. All can be exploited in low-complexity attacks without user interaction. Adobe says it is not aware of any active exploitation but assigned its highest deployment priority, urging admins to patch quickly, since ColdFusion has repeatedly been targeted by attackers and ransomware crews.