Adobe ColdFusion Path Traversal Vulnerability Allowing Arbitrary File System Read

Vulnerability

A path traversal vulnerability has been identified in Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. It arises from an improper limitation of a pathname to a restricted directory and can lead to unauthorized read access to the file system. A high-privileged attacker could exploit this issue to bypass security protections and gain access to sensitive files. Exploitation does not require user interaction, and scope is changed.

Impact

Exploitation of this vulnerability could result in unauthorized read access to the file system, allowing attackers to access sensitive information or files that should be protected.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 3.3
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 0.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.