Description
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
Published: 2023-07-12
Score: 9.8 Critical
EPSS: 93.7% High
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 21 Oct 2025 23:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Thu, 13 Feb 2025 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*

Tue, 04 Feb 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2024-01-08'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Adobe Coldfusion
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2025-10-21T23:05:42.860Z

Reserved: 2023-04-04T20:46:42.578Z

Link: CVE-2023-29300

cve-icon Vulnrichment

Updated: 2024-08-02T14:07:44.360Z

cve-icon NVD

Status : Analyzed

Published: 2023-07-12T16:15:11.733

Modified: 2025-10-23T11:13:06.377

Link: CVE-2023-29300

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses