ZDI-26-070 - Adobe Coldfusion and Adobe Coldfusion

February 6, 2026

Low

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-61808.

Affected software

Adobe Coldfusion

Reference links

https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html
http://www.zerodayinitiative.com/advisories/ZDI-26-070/

ZDI-26-070 - Adobe Coldfusion and Adobe Coldfusion

Affected software

Reference links

Get alerted to vulnerabilities in your software