CVE-2025-49544

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier

Description: The issue is related to an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. This could result in a security feature bypass, allowing a high-privileged attacker to access sensitive information or bypass security measures. The exploitation of this issue does not require user interaction.

Recommendations: For versions 2025.2, 2023.14, and 2021.20, update to a version that includes a fix for this issue. For versions earlier than 2021.20, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.