Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

A deserialization of untrusted data vulnerability in Adobe ColdFusion versions  2021 and 2018 leads to arbitrary remote code execution.