virus logo Intrusion Prevention

Adobe.ColdFusion.CVE-2025-24446.Improper.Input.Validation

description-logoDescription

This indicates an attack attempt to exploit an Improper Input Validation vulnerability in Adobe ColdFusion.
The vulnerability is due to insufficient validation of user-supplied input. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could allow the attacker to write arbitrary files on ColdFusion's host machine.

affected-products-logoAffected Products

Adobe ColdFusion Build 331385, 12.0, 18.0 and earlier

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the latest update from the vendor.
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2025-04-21 31.993
Modified
 Default_action:pass:drop
2025-04-08 31.986
New

References

https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html
ID 57728
Created Apr 08, 2025
Updated Apr 18, 2025
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 6.92%
Default Action drop
Active
Affected OS Windows, Linux, MacOS
Affected App Adobe
Profile Type Permission/Privilege/Access Control