CVE-2025-24446

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier

Description The issue is related to improper input validation, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, such as opening a malicious file, and may also require admin panel privileges. The scope of the issue can be changed, and it may allow an attacker to gain unauthorized access to protected information.

Recommendations For ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier, consider disabling any features that rely on user input validation until a patch is available. Restrict access to the admin panel to minimize the risk of exploitation. Avoid opening malicious files from untrusted sources to prevent potential code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.