CVE-2025-49551

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier

Description: The issue is related to the use of hard-coded credentials, which could result in privilege escalation. An attacker could leverage this to gain unauthorized access to sensitive systems or data without requiring user interaction. The vulnerable component is restricted to internal IP addresses.

Recommendations: For ColdFusion versions 2025.2, 2023.14, and 2021.20, update to a version that addresses the hard-coded credentials issue. For versions prior to 2021.20, update to a version that addresses the hard-coded credentials issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.