🔴 Critical | Source: The Hacker News


Adobe has issued emergency patches addressing seven CVSS 10.0 (maximum severity) vulnerabilities across ColdFusion and Campaign Classic. The flaws could allow attackers to execute arbitrary code, escalate privileges, read files from the underlying system, and bypass security controls. Given the maximum severity rating, exploitation could lead to full system compromise with no user interaction required.

Security Architect’s Take: Prioritise patching any internet-facing or internally accessible ColdFusion and Campaign Classic instances immediately — CVSS 10.0 scores indicate the highest possible exploitability and impact. Audit your estate for these products, isolate affected servers where patching cannot be applied immediately, and review web application firewall rules to block known exploit patterns while remediation is under way.

Original advisory: Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic