PT-2025-50289 · Adobe · Coldfusion

Published: 2025-12-09 · Updated: 2025-12-10 · CVE-2025-61823

CVSS v3.1: 6.2 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ColdFusion versions 2025.4, 2023.16, and 2021.22 and earlier

Description

An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists in ColdFusion, potentially allowing an attacker to read arbitrary files from the system. A high-privileged attacker could exploit this to access sensitive files and data on the server. Exploitation requires user interaction.

Recommendations

Update ColdFusion to a version later than 2021.22.

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2025-15475
CVE-2025-61823

Affected Products

Coldfusion