Adobe ColdFusion Security Feature Bypass Vulnerability Allowing Unauthorized Write Access

Vulnerability

An improper input validation vulnerability has been identified in Adobe ColdFusion versions 2023.12, 2021.18, and 2025.0 and earlier. It could lead to a security feature bypass, allowing a high-privileged attacker to gain unauthorized write access by circumventing security protections. Exploitation does not require user interaction, and it alters the scope of access.

Impact

Exploitation of this vulnerability could result in unauthorized write access, allowing attackers to manipulate data or application behavior.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 3.1
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.