CVE-2025-49546

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier

Description: The issue is related to an Improper Access Control vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability to disrupt the availability of the application. Exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses.

Recommendations: For ColdFusion versions 2025.2, 2023.14, and 2021.20, update to a version that includes a fix for this issue. For versions prior to 2021.20, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.