PT-2025-50291 · Adobe · Coldfusion
Published
2025-12-09
·
Updated
2025-12-10
·
CVE-2025-64898
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier
Description
The software contains an issue with insufficiently protected credentials, potentially allowing limited unauthorized write access. An attacker could exploit improperly stored or transmitted credentials to gain unauthorized access without requiring user interaction.
Recommendations
Update ColdFusion to a version later than 2025.4.
Update ColdFusion to a version later than 2023.16.
Update ColdFusion to a version later than 2021.22.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Coldfusion