Adobe ColdFusion Server-Side Request Forgery Vulnerability Allowing Limited File System Read

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier. This vulnerability allows high-privilege authenticated attackers to inject arbitrary URLs, forcing the application to make unintended requests that could result in limited file system read access. Exploitation of this vulnerability does not require user interaction.

Impact

Exploitation of this vulnerability could lead to unauthorized access to certain files on the server's file system.

Remediation

Users are advised to update to ColdFusion 2025 Update 2, ColdFusion 2023 Update 14, or ColdFusion 2021 Update 20. For instructions on applying these updates, refer to the Adobe ColdFusion downloads page or the respective Tech Notes for each version. Additionally, review the ColdFusion Lockdown Guides for security configuration recommendations.

Added: Aug 18, 2025, 5:24 PM
Updated: Aug 18, 2025, 5:24 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 3.3
exploitability: 5.0
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.