137 matches found
CVE-2025-49545 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation...
PT-2025-28752 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier Description: ColdFusion is susceptible to a Server-Side Request Forgery SSRF issue that may allow arbitrary file system read. A high-privilege authenticated attacker can exploit this...
CVE-2025-43566
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security...
CVE-2025-43566
Adobe ColdFusion is affected by CVE-2025-43566: an Improper Limitation of a Pathname to a Restricted Directory (path traversal) that could allow a high-privileged attacker to read arbitrary files, without user interaction. Affected versions include 2025.1, 2023.13, 2021.19 and earlier. The underl...
CVE-2025-43564 ColdFusion | Incorrect Authorization (CWE-863)
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...
CVE-2025-43564
Adobe ColdFusion (versions 2025.1, 2023.13, 2021.19 and earlier) is affected by an Improper Access Control vulnerability that can allow arbitrary file system read. The issue stems from improper access restrictions and could let a high-privileged attacker access or modify sensitive data without au...
CVE-2025-43563 ColdFusion | Improper Access Control (CWE-284)
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization...
CVE-2025-43563
CVE-2025-43563 affects Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. It is an Improper Access Control vulnerability that could enable an attacker with high privileges to perform an arbitrary file system read, potentially accessing or modifying sensitive data. Exploitation requir...
PT-2025-21123 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier Description: The issue is related to an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or...
CVE-2025-30281
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this...
Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. Of the 30 flaws in the product, 11 are rated Critical in severity -...
CVE-2025-30281
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...
CVE-2025-30281 ColdFusion | Improper Access Control (CWE-284)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...
CVE-2025-30281 ColdFusion | Improper Access Control (CWE-284)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitati...
CVE-2025-30281
CVE-2025-30281 affects Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. The vulnerability is an Improper Access Control that could allow a high-privilege, remote attacker to access or modify sensitive data and potentially execute arbitrary code without user interaction. The issue’s...
APSB25-15 : Security update available for Adobe ColdFusion
Adobe has released security updates for ColdFusion versions 2025, 2023 and 2021. These updates resolve critical and important vulnerabilities that could lead to arbitrary file system read, arbitrary code execution and security feature bypass...
Adobe ColdFusion path traversal vulnerability (CNVD-2025-0256230)
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from a path traversal vulnerability, which arises when the program fails to...
APSB24-107 : Security update available for Adobe ColdFusion
Adobe has released security updates for ColdFusion versions 2023 and 2021. These updates resolve a critical vulnerability that could lead to arbitrary file system read...
GHSA-3FR3-GCQH-3M2G Magento Open Source Improper Input Validation vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended...
GHSA-G9FM-WC6H-PVGJ Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...