CVE-2025-61811
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-16
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | coldfusion | 2021.22 |
| adobe | coldfusion | 2023.16 |
| adobe | coldfusion | 2025.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Access Control issue in certain versions of ColdFusion (2025.4, 2023.16, 2021.22 and earlier) that allows an attacker with high privileges to execute arbitrary code in the context of the current user. It can be exploited without user interaction and can bypass security measures.
How can this vulnerability impact me? :
The vulnerability can allow a high privileged attacker to execute malicious code, potentially leading to full compromise of the affected system, including unauthorized access, data manipulation, or disruption of services.