Fortinet Inc.

08/30/2023 | Press release | Distributed by Public on 08/30/2023 09:04

Multiple Threats Target Adobe ColdFusion Vulnerabilities

Affected platforms: Windows and macOS
Impacted parties: Users of vulnerable versions of Adobe ColdFusion
Impact: Remote attackers gain control of vulnerable systems
Severity level: Critical

This past July, Adobe responded to reports of exploits targeting pre-authentication remote code execution (RCE) vulnerabilities in its ColdFusion solution by releasing a series of security updates: APSB23-40, APSB23-41, and APSB23-47. Project Discovery has documented an in-depth analysis of those exploits, including a significant vulnerability in the WDDX deserialization process within Adobe ColdFusion 2021.

Since those updates, however, FortiGuard Labs IPS telemetry data has continued to detect numerous efforts to exploit the Adobe ColdFusion deserialization of untrusted data vulnerability, which poses a significant risk of arbitrary code execution (Figure 1). These attacks include probing, establishing reverse shells, and deploying malware for subsequent actions. This article provides a detailed analysis of how this threat group exploits the Adobe ColdFusion vulnerability.