Adobe ColdFusion Path Traversal Vulnerability Leading to Security Feature Bypass

Vulnerability

A path traversal vulnerability (improper limitation of a pathname to a restricted directory) has been identified in Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. A high-privileged attacker could exploit it to bypass security protections and gain unauthorized write and delete access. Exploitation does not require user interaction, and it changes the scope of access.

Impact

Exploitation of this vulnerability could result in unauthorized write and delete access, allowing a high-privileged attacker to bypass security protections and manipulate files or data within the application.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 3.1
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.