PT-2025-50287 · Adobe · ColdFusion

Published: 2025-12-09 · Updated: 2025-12-10 · CVE-2025-61821

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier

Description: ColdFusion is affected by an Improper Restriction of XML External Entity Reference ('XXE') issue that could allow an attacker to read arbitrary files from the system. An attacker could exploit this to access sensitive files and data on the server. Exploitation of this issue does not require user interaction.

Recommendations: Update ColdFusion to a version later than 2021.22.

Fix

XXE

Weakness Enumeration

Related Identifiers: BDU:2025-15474, CVE-2025-61821

Affected Products: ColdFusion