CVE-2025-43563

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier

Description: The issue is related to an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.

Recommendations: For ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier, update to a version that includes a fix for the Improper Access Control vulnerability to prevent arbitrary file system read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.