PT-2025-50281 · Adobe · Coldfusion
Published
2025-12-09
·
Updated
2026-02-06
·
CVE-2025-61808
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier
Description
ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier are susceptible to an unrestricted file upload issue with dangerous file types. Successful exploitation of this issue could allow a high-privileged attacker to execute arbitrary code. Exploitation does not require user interaction and the scope is changed.
Recommendations
Update ColdFusion to a version later than 2021.22.
Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Coldfusion