image credit: Unsplash

Adobe warns customers of a critical ColdFusion RCE exploited in attacks

July 17, 2023

Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild.

“Adobe is aware that CVE-2023-29300 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion,” reads a statement sent by the company to its customers.

An unauthenticated visitor can exploit the vulnerability to remotely execute commands on vulnerable Coldfusion 2018, 2021, and 2023 servers.

The issue is a deserialization of untrusted data that was discovered by the security researcher Nicolas Zilio from CrowdStrike.

Read More on Security Affairs