PT-2025-33671 · Adobe · Coldfusion

Published: 2025-08-18 · Updated: 2025-10-01 · CVE-2025-54234

CVSS v3.1: 2.7 (Low)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier
Description: ColdFusion is susceptible to a Server-Side Request Forgery (SSRF) issue that may allow limited file system read access. A high-privilege authenticated attacker can exploit this by injecting arbitrary URLs, forcing the application to make requests to those URLs. This does not require any user interaction.
Recommendations: Update ColdFusion to a version later than 2021.19.

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2025-54234

Affected Products: Coldfusion