Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution.
Of the 30 flaws in the product, 11 are rated Critical in severity –
“These updates resolve critical and important vulnerabilities that could lead to arbitrary file system read, arbitrary code execution and security feature bypass,” Adobe said in an advisory.
The vulnerabilities have been resolved in the below versions –
Fixes have also been released to address several out-of-bounds write and heap-based buffer overflow bugs in After Effects (CVE-2025-27182, CVE-2025-27183), Media Encoder (CVE-2025-27194, CVE-2025-27195), Bridge (CVE-2025-27193), Premiere Pro (CVE-2025-27196), Photoshop (CVE-2025-27198), Animate (CVE-2025-27199), and FrameMaker (CVE-2025-30304, CVE-2025-30297, CVE-2025-30295) that could lead to arbitrary code execution.
Adobe also noted that it’s not aware of any exploits for any of the aforementioned shortcomings. That said, it’s essential that users update their installations to the latest version to safeguard against potential threats.
