| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2025-34074 | 2 Jul 202519:26 | – | attackerkb | |
| The vulnerability of the administrative interface of the Java Lucee virtual machine allows a perpetrator to execute arbitrary code. | 9 Jun 202600:00 | – | bdu_fstec | |
| CVE-2025-34074 | 2 Mar 202314:13 | – | circl | |
| Lucee 安全漏洞 | 2 Jul 202500:00 | – | cnnvd | |
| CVE-2025-34074 Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write | 2 Jul 202519:26 | – | cvelist | |
| EUVD-2025-19755 | 3 Oct 202520:07 | – | euvd | |
| Lucee Authenticated Scheduled Job Code Execution | 2 Mar 202319:51 | – | metasploit | |
| CVE-2025-34074 | 2 Jul 202520:15 | – | nvd | |
| CVE-2025-34074 | 2 Jul 202520:15 | – | osv | |
| PT-2025-27666 | 2 Jul 202500:00 | – | ptsecurity |
[
{
"defaultStatus": "unaffected",
"modules": [
"Lucee Administrative Web Interface — Scheduled Task Handler",
"file (used during job update via action=services.schedule&action2=edit)"
],
"product": "Lucee",
"vendor": "Lucee Association Switzerland",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "All versions with scheduled task functionality"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| login_passwordweb | request body | /lucee/admin/web.cfm | Authentication request to Lucee admin interface (required to access scheduling features). | CWE-829, CWE-94 |
| lang | request body | /lucee/admin/web.cfm | Authentication request to Lucee admin interface (required to access scheduling features). | CWE-829, CWE-94 |
| rememberMe | request body | /lucee/admin/web.cfm | Authentication request to Lucee admin interface (required to access scheduling features). | CWE-829, CWE-94 |
| submit | request body | /lucee/admin/web.cfm | Authentication request to Lucee admin interface (required to access scheduling features). | CWE-829, CWE-94 |
| action | query param | /lucee/admin/web.cfm | Create scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature. | CWE-829, CWE-94 |
| action2 | query param | /lucee/admin/web.cfm | Create scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature. | CWE-829, CWE-94 |
| name | query param | /lucee/admin/web.cfm | Create scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature. | CWE-829, CWE-94 |
| url | query param | /lucee/admin/web.cfm | Create scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature. | CWE-829, CWE-94 |
| interval | query param | /lucee/admin/web.cfm | Create scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature. | CWE-829, CWE-94 |
| start_day | query param | /lucee/admin/web.cfm | Create scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature. | CWE-829, CWE-94 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation