Adobe ColdFusion Vulnerability Alert | July 2023

There are critical vulnerabilities in Adobe ColdFusion. Here's what you need to know.


Adobe released an advisory detailing critical security flaws (CVE-2023-38204, CVE-2023-38205, and CVE-2023-38206) in their ColdFusion product, often used for web application development and delivery. The vulnerabilities allow for an unauthenticated attacker to execute arbitrary code or commands. Adobe reports that at least one of the flaws is being actively exploited. Security patches have been released and should be applied as soon as possible.


The vulnerabilities affect the following Adobe ColdFusion products and versions:


Update number


ColdFusion 2023

Update 2 and earlier versions


ColdFusion 2021

Update 8 and earlier versions    


ColdFusion 2018

Update 18 and earlier versions



Attackers can execute arbitrary code or commands against unpatched devices, gaining a foothold into the network. From there the attacker would be able to conduct further exploitation and potentially move around the network.

Next Steps

Download and install the latest version of the affected products: