← ExploitWatch
HomeExploited Vulnerabilities

CVE-2017-3066 — Actively Exploited: ColdFusion (Adobe)

Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.

CVE IDCVE-2017-3066
VendorAdobe
ProductColdFusion
Vulnerability nameAdobe ColdFusion Deserialization Vulnerability
Date added2025-02-24
Remediation due2025-03-17
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionAdobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →