Lucene search
K

CVE-2025-34074

🗓️ 02 Jul 2025 19:26:31Reported by VulnCheckType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 37 Views🌐 WEB

Authenticated remote code execution in Lucee Admin Interface through insecure scheduled tasks.

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2025-34074
2 Jul 202519:26
attackerkb
BDU FSTEC
The vulnerability of the administrative interface of the Java Lucee virtual machine allows a perpetrator to execute arbitrary code.
9 Jun 202600:00
bdu_fstec
Circl
CVE-2025-34074
2 Mar 202314:13
circl
CNNVD
Lucee 安全漏洞
2 Jul 202500:00
cnnvd
Cvelist
CVE-2025-34074 Lucee Admin Interface Authenticated Remote Code Execution via Scheduled Job File Write
2 Jul 202519:26
cvelist
EUVD
EUVD-2025-19755
3 Oct 202520:07
euvd
Metasploit
Lucee Authenticated Scheduled Job Code Execution
2 Mar 202319:51
metasploit
NVD
CVE-2025-34074
2 Jul 202520:15
nvd
OSV
CVE-2025-34074
2 Jul 202520:15
osv
Positive Technologies
PT-2025-27666
2 Jul 202500:00
ptsecurity
Rows per page
[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Lucee Administrative Web Interface — Scheduled Task Handler",
      "file (used during job update via action=services.schedule&action2=edit)"
    ],
    "product": "Lucee",
    "vendor": "Lucee Association Switzerland",
    "versions": [
      {
        "status": "affected",
        "version": "5.0"
      },
      {
        "status": "affected",
        "version": "6.0"
      },
      {
        "status": "affected",
        "version": "All versions with scheduled task functionality"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
login_passwordwebrequest body/lucee/admin/web.cfmAuthentication request to Lucee admin interface (required to access scheduling features).CWE-829CWE-94
langrequest body/lucee/admin/web.cfmAuthentication request to Lucee admin interface (required to access scheduling features).CWE-829CWE-94
rememberMerequest body/lucee/admin/web.cfmAuthentication request to Lucee admin interface (required to access scheduling features).CWE-829CWE-94
submitrequest body/lucee/admin/web.cfmAuthentication request to Lucee admin interface (required to access scheduling features).CWE-829CWE-94
actionquery param/lucee/admin/web.cfmCreate scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature.CWE-829CWE-94
action2query param/lucee/admin/web.cfmCreate scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature.CWE-829CWE-94
namequery param/lucee/admin/web.cfmCreate scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature.CWE-829CWE-94
urlquery param/lucee/admin/web.cfmCreate scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature.CWE-829CWE-94
intervalquery param/lucee/admin/web.cfmCreate scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature.CWE-829CWE-94
start_dayquery param/lucee/admin/web.cfmCreate scheduled job for fetching and executing remote CFML payload via the Lucee scheduled task feature.CWE-829CWE-94
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 09:13Current
7.6High risk
Vulners AI Score7.6
CVSS 49.4
EPSS0.01134
SSVC
37