
Adobe Patches Critical Apache Tika Bug in ColdFusion

Adobe has released patches for 25 vulnerabilities across its products, including a critical Apache Tika flaw in ColdFusion. The post Adobe Patches Critical Apache Tika Bug in ColdFusion appeared first on SecurityWeek.


Adobe has released security updates for 11 products on January 2026 Patch Tuesday, addressing a total of 25 vulnerabilities, including a critical code execution flaw.

The critical-severity issue, tracked as CVE-2025-66516 (CVSS score of 10/10), is an XML External Entity (XXE) injection bug in Apache Tika modules that could be exploited via XFA files placed inside PDF documents.

The security defect was patched in early December, when Apache warned that successful exploitation could lead to information leaks, SSRF attacks, denial-of-service (DoS), or remote code execution (RCE).

On Tuesday, Adobe released a ColdFusion security update to resolve CVE-2025-66516, noting that ColdFusion 2025 Update 5 and earlier versions and ColdFusion 2023 Update 17 and earlier versions are affected on all platforms.

The vulnerability was addressed in ColdFusion 2025 Update 6 and ColdFusion 2023 Update 18. Adobe has slapped a priority rating of ‘1’ on the security bulletin, urging users to update as soon as possible.

Another Adobe product that received an update on January 2026 Patch Tuesday is Dreamweaver. The security refresh resolves five high-severity flaws, four leading to arbitrary code execution and one leading to arbitrary system file write.

High-severity security defects were resolved in Bridge, Illustrator, InCopy, InDesign, Substance 3D Modeler, Substance 3D Sampler, Substance 3D Stager, and Substance 3D Painter. For some products, the updates also fixed medium-severity bugs.

Adobe also released fixes for a medium-severity vulnerability in Substance 3D Designer, warning it could lead to memory leaks.

All the remaining advisories have a priority rating of ‘3’, as the issues were addressed in products that have not been historically targeted in attacks.

The company makes no mention of any of these vulnerabilities being exploited in the wild. Additional information can be found on Adobe’s security advisories page.

Microsoft on Tuesday patched 112 vulnerabilities, including a zero-day exploited in attacks.
