Deserialization of Untrusted Data Vulnerability in ColdFusion by Adobe
CVE-2025-61810

8.4HIGH

Key Information:

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-61810?

ColdFusion is susceptible to a vulnerability that allows an attacker to exploit deserialization of untrusted data. Affected versions, including ColdFusion 2025.4, 2023.16, and 2021.22, could enable a malicious actor to execute arbitrary code in the context of the current user by interacting with the application. This exploitation involves an attacker sending maliciously crafted serialized data, presenting a risk given its potential for significant security breaches.

Affected Version(s)

ColdFusion 0 <= 2021.22

References

https://helpx.adobe.com/security/products/coldfusion/apsb...

vendor-advisory

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Oct 1, 2025

JSON