PT-2025-21120 · Adobe · Coldfusion

Published

2025-05-13

Updated

2025-05-14

CVE-2025-43560

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier

Description: The issue is related to an improper input validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction.

Recommendations: For versions 2025.1, 2023.13, and 2021.19, update to a version that includes a fix for the improper input validation vulnerability. For versions earlier than 2021.19, update to a version that includes a fix for the improper input validation vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2025-05502

CVE-2025-43560

Affected Products

Coldfusion

PT-2025-21120 · Adobe · Coldfusion

CVE-2025-43560

Weakness Enumeration

Related Identifiers

Affected Products

References · 8