PT-2025-36859 · Adobe · Coldfusion

Published

2025-09-09

Updated

2025-10-08

CVE-2025-54261

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier

Description: ColdFusion versions 2025.3, 2023.15, and 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') issue. This could allow an attacker to execute arbitrary code.

Recommendations: Update ColdFusion to a version later than 2021.21.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2025-11694

CVE-2025-54261

Affected Products

Coldfusion

PT-2025-36859 · Adobe · Coldfusion

CVE-2025-54261

Weakness Enumeration

Related Identifiers

Affected Products

References · 14