3 matches found
CVE-2025-54234
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs...
The vulnerability of the ColdFusion software platform, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code.
The vulnerability of the ColdFusion software platform lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the ColdFusion software platform lies in its ability to allow third-party commands to be executed through a vulnerable module of the platform, enabling attackers to execute arbitrary code.
The vulnerability of the ColdFusion software platform lies in the ability to introduce third-party commands through a vulnerable module of the platform. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...