CVE-2025-43564

EPSS 0.12%
Published 13.05.2025 20:49:28
Last modified 15.07.2025 18:40:34
Source psirt@adobe.com
Teams watchlist Login
Open Login

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version2021 Update-

Adobe ≫ Coldfusion Version2021 Updateupdate1

Adobe ≫ Coldfusion Version2021 Updateupdate10

Adobe ≫ Coldfusion Version2021 Updateupdate11

Adobe ≫ Coldfusion Version2021 Updateupdate12

Adobe ≫ Coldfusion Version2021 Updateupdate13

Adobe ≫ Coldfusion Version2021 Updateupdate14

Adobe ≫ Coldfusion Version2021 Updateupdate15

Adobe ≫ Coldfusion Version2021 Updateupdate16

Adobe ≫ Coldfusion Version2021 Updateupdate17

Adobe ≫ Coldfusion Version2021 Updateupdate18

Adobe ≫ Coldfusion Version2021 Updateupdate19

Adobe ≫ Coldfusion Version2021 Updateupdate2

Adobe ≫ Coldfusion Version2021 Updateupdate3

Adobe ≫ Coldfusion Version2021 Updateupdate4

Adobe ≫ Coldfusion Version2021 Updateupdate5

Adobe ≫ Coldfusion Version2021 Updateupdate6

Adobe ≫ Coldfusion Version2021 Updateupdate7

Adobe ≫ Coldfusion Version2021 Updateupdate8

Adobe ≫ Coldfusion Version2021 Updateupdate9

Adobe ≫ Coldfusion Version2023 Update-

Adobe ≫ Coldfusion Version2023 Updateupdate1

Adobe ≫ Coldfusion Version2023 Updateupdate10

Adobe ≫ Coldfusion Version2023 Updateupdate11

Adobe ≫ Coldfusion Version2023 Updateupdate12

Adobe ≫ Coldfusion Version2023 Updateupdate13

Adobe ≫ Coldfusion Version2023 Updateupdate2

Adobe ≫ Coldfusion Version2023 Updateupdate3

Adobe ≫ Coldfusion Version2023 Updateupdate4

Adobe ≫ Coldfusion Version2023 Updateupdate5

Adobe ≫ Coldfusion Version2023 Updateupdate6

Adobe ≫ Coldfusion Version2023 Updateupdate7

Adobe ≫ Coldfusion Version2023 Updateupdate8

Adobe ≫ Coldfusion Version2023 Updateupdate9

Adobe ≫ Coldfusion Version2025 Update-

Adobe ≫ Coldfusion Version2025 Updateupdate1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.32

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
psirt@adobe.com	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-43564

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-43564

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-43564

EUVD