PT-2025-28752 · Adobe · Coldfusion
Published 2025-07-08 · Updated 2025-07-09 · CVE-2025-49545
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier
Description:
ColdFusion is susceptible to a Server-Side Request Forgery (SSRF) issue that may allow arbitrary file system read. A high-privilege authenticated attacker can exploit this issue by injecting URLs, forcing the application to make arbitrary requests. The vulnerability is limited to internal IP addresses.
Recommendations:
ColdFusion versions prior to 2025.2 are affected.
ColdFusion versions prior to 2023.14 are affected.
ColdFusion versions prior to 2021.20 are affected.
Fix
SSRF
Affected Products
Coldfusion