Adobe

Coldfusion

208 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2025-61821

  • EPSS 0.03%
  • Veröffentlicht 09.12.2025 23:41:11
  • Zuletzt bearbeitet 12.12.2025 18:51:08

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to acc...

5.3

CVE-2025-64898

  • EPSS 0.04%
  • Veröffentlicht 09.12.2025 23:41:10
  • Zuletzt bearbeitet 12.12.2025 18:40:26

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized ...

8.4

CVE-2025-61810

  • EPSS 5.85%
  • Veröffentlicht 09.12.2025 23:41:09
  • Zuletzt bearbeitet 12.12.2025 19:05:29

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this...

9.1

CVE-2025-61809

Medienbericht
  • EPSS 0.59%
  • Veröffentlicht 09.12.2025 23:41:08
  • Zuletzt bearbeitet 12.12.2025 19:04:51

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain una...

6.2

CVE-2025-61822

  • EPSS 0.04%
  • Veröffentlicht 09.12.2025 23:41:07
  • Zuletzt bearbeitet 12.12.2025 19:58:58

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary loc...

5.6

CVE-2025-64897

  • EPSS 0.03%
  • Veröffentlicht 09.12.2025 23:41:07
  • Zuletzt bearbeitet 12.12.2025 18:41:18

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access pote...

6.2

CVE-2025-61823

  • EPSS 0.03%
  • Veröffentlicht 09.12.2025 23:41:06
  • Zuletzt bearbeitet 12.12.2025 18:42:12

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulne...

9.1

CVE-2025-61811

  • EPSS 0.85%
  • Veröffentlicht 09.12.2025 23:41:05
  • Zuletzt bearbeitet 16.12.2025 16:15:58

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnera...

10

CVE-2025-54261

Medienbericht
  • EPSS 3.29%
  • Veröffentlicht 09.09.2025 16:58:42
  • Zuletzt bearbeitet 03.10.2025 12:34:44

ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have ...

2.7

CVE-2025-54234

  • EPSS 0.07%
  • Veröffentlicht 18.08.2025 16:43:51
  • Zuletzt bearbeitet 06.11.2025 22:23:13

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitra...