ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed.
2025-04-08T20:15:26.430
2025-04-21T18:37:56.057
Analyzed
CVSSv3.1: 8.2 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2025 | Yes |