CVE-2025-49536

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier ColdFusion versions prior to 2025.3

Description: The issue is related to an incorrect authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. The exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses.

Recommendations: For versions 2025.2, 2023.14, and 2021.20, update to a version later than 2025.2 to resolve the issue. For versions prior to 2025.3, update to version 2025.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable component to minimize the risk of exploitation.