CVE-2025-43564

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier

Description: The issue is related to an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.

Recommendations: For ColdFusion versions 2025.1, 2023.13, and 2021.19, update to a version that includes a fix for the Improper Access Control vulnerability. For versions earlier than 2021.19, update to a version that includes a fix for the Improper Access Control vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.