CVE-2017-3066 - Adobe ColdFusion Deserialization Vulnerability
Project:Adobe
Product:ColdFusion
Date Added:2025-02-24Due Date:2025-03-17
Vulnerability Name
Adobe ColdFusion Deserialization Vulnerability
Description
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html
https://nvd.nist.gov/vuln/detail/CVE-2017-3066
Related News Articles
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISAFebruary 25, 2025
