CVE-2023-38204
Published 2023-09-14
Priority P189 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · VulnCheck KEV · Exploited in the wild
EPSS: 65.49% (99.2th percentile)
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
Detection & IOCs (extracted from sources)
sigma: Adobe.ColdFusion.CVE-2023-38204.Insecure.Deserialization
- Payloads delivered in exploitation attempts are Base64-encoded; decode POST body content to /CFIDE/adminapi/accessmanager.cfc for analysis.
- Probing activity uses the interactsh tool to generate callback domains for out-of-band exploit validation; monitor DNS/HTTP callbacks to interactsh-associated domains from ColdFusion servers.
- The exploit targets the WDDX deserialization process within Adobe ColdFusion; the vulnerability is pre-authentication, requiring no user interaction, meaning network-level exposure of the ColdFusion admin API is sufficient for exploitation.
- Affected versions are ColdFusion 2018u18 and earlier, 2021u8 and earlier, and 2023u2 and earlier; patches were released under advisories APSB23-40, APSB23-41, and APSB23-47.
- The Lucifer/Satan DDoS variant observed in this campaign targets Linux systems, deviating from the originally reported Windows-only targeting.
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
GHSA
GHSA-77p2-6w3v-xjv8 · ghsa_unreviewed · 2023-09-14
CVE-2023-38204 [CRITICAL] CWE-502
VulnCheck
Adobe ColdFusion Deserialization of Untrusted Data
vulncheck·2023·CVSS 9.8
Affected: Adobe ColdFusion
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.fortinet.com/blog/threat-research/multiple-threats-target-adobe-coldfusion-vulnerabilities; https://api.vulncheck.com/v3/index/vulncheck-canaries?cve=CVE-2023-38204&date=2025-10-17; https://api.vulncheck.com/v3/index/vulncheck-canaries?cve=CVE-2023-38204&
No detection rules found.
No public exploits indexed.
Fortinet
Multiple Threats Target Adobe ColdFusion Vulnerabilities | FortiGuard Labs
blogs_fortinet·2023-08-30
By Cara Lin | August 30, 2023
Affected platforms: Windows and macOS
Impacted parties: Users of vulnerable versions of Adobe ColdFusion
Impact: Remote attackers gain control of vulnerable systems
Severity level: Critical
This past July, Adobe responded to reports of exploits targeting pre-authentication remote code execution (RCE) vulnerabilities in their ColdFusion solution by releasing a series of security updates: APSB23-40, APSB23-41, and APSB23-47. An in-depth analysis of those exploits has been documented by Project Discovery, including a significant vulnerability in the WDDX deserialization process within Adobe ColdFusion 2021.
Since those updates, however, FortiGuard Labs IPS telemetry data
Checkpoint
24th July – Threat Intelligence Report
blogs_checkpoint·2023-07-24
For the latest discoveries in cyber research for the week of 24th July, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The Microsoft Exchange email account espionage campaign, which has been attributed to Chinese threat actor ‘Storm-0558’, has reportedly accessed the email account of United States ambassador to China and compromised hundreds of thousands of individual United States government emails. Researchers warn that the method used in the c