Critical Adobe ColdFusion flaws exploited in the wild

Threat actors are actively exploiting at least two recently disclosed Adobe ColdFusion vulnerabilities in the wild, including one whose patch is incomplete.

Last week, Adobe released security updates to address three high-risk vulnerabilities (CVE-2023-29298, CVE-2023-29300 and CVE-2023-29301). The first is an improper access control issue that lets an attacker bypass the implemented security restrictions and gain unauthorized access to the application; the second could be used by an attacker for remote code execution; and the third could give a remote attacker unauthorized access to the application via a brute-force attack.

On July 14, Adobe issued a patch for CVE-2023-38203, a deserialization issue that could lead to arbitrary code execution.

On Monday, cybersecurity firm Rapid7 warned that it had detected exploitation attempts involving CVE-2023-29298 and CVE-2023-38203, with attackers executing PowerShell commands to create a web shell for persistent access to the targeted endpoint.

CVE-2023-38203 was discovered by researchers at ProjectDiscovery, who disclosed their findings on July 12. However, the blog post detailing the bug has since been taken down, probably after the researchers realized they had published details of a new zero-day vulnerability rather than of CVE-2023-29300, which Adobe had already patched.

Rapid7 has also warned that the fix for CVE-2023-29298 provided by Adobe is incomplete.

“There is currently no mitigation for CVE-2023-29298, but the exploit chain Rapid7 is observing in the wild relies on a secondary vulnerability for full execution on target systems. Therefore, updating to the latest available version of ColdFusion that fixes CVE-2023-38203 should still prevent the attacker behavior our MDR team is observing,” the researchers said.
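The behaviour Rapid7 describes above (the ColdFusion service spawning PowerShell to write a web shell) is the kind of parent/child process relationship a defender can alert on while a complete fix is unavailable. The following is an added detection example, not code from Rapid7 or Adobe; it assumes Sysmon-style process-creation events with `ParentImage`, `Image` and `CommandLine` fields, that ColdFusion's Windows service binary is named `coldfusion.exe`, and that templates live under a `wwwroot` directory. The sample events are constructed.

```python
import ntpath
import re

# Assumed process names: ColdFusion's Windows service binary and the shells an
# attacker would launch from it. Adjust these to the deployment being monitored.
COLDFUSION_PARENTS = {"coldfusion.exe"}
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# A shell command that writes a ColdFusion template under wwwroot looks like a web-shell drop.
WEBSHELL_WRITE = re.compile(r"wwwroot.*\.cfml?\b", re.IGNORECASE)


def score_event(event: dict) -> list:
    """Return the detection reasons for one process-creation event (empty list = not flagged)."""
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    child = ntpath.basename(event.get("Image", "")).lower()
    reasons = []
    if parent in COLDFUSION_PARENTS and child in SUSPICIOUS_CHILDREN:
        reasons.append(f"{parent} spawned {child}")
        if WEBSHELL_WRITE.search(event.get("CommandLine", "")):
            reasons.append("command line writes a .cfm/.cfml file into wwwroot")
    return reasons


def detect(events: list) -> list:
    """Run score_event over a batch of events and return (child image, reasons) for each hit."""
    hits = []
    for event in events:
        reasons = score_event(event)
        if reasons:
            hits.append((event["Image"], reasons))
    return hits


# Constructed sample events: one web-shell drop, one benign JVM child, one admin
# PowerShell session launched from Explorer, and one interactive shell from ColdFusion.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\ColdFusion2021\cfusion\bin\coldfusion.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -c Set-Content C:\ColdFusion2021\cfusion\wwwroot\x.cfm '<constructed>'"},
    {"ParentImage": r"C:\ColdFusion2021\cfusion\bin\coldfusion.exe",
     "Image": r"C:\ColdFusion2021\jre\bin\java.exe", "CommandLine": "java -jar cfusion.jar"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "CommandLine": "powershell"},
    {"ParentImage": r"C:\ColdFusion2021\cfusion\bin\coldfusion.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd /c whoami"},
]

if __name__ == "__main__":
    for image, reasons in detect(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```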
