ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed.
2025-09-09T17:15:59.477
2025-10-03T12:34:44.777
Analyzed
CVSSv3.1: 10.0 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2025 | Yes |
| Application | adobe | coldfusion | 2025 | Yes |
| Application | adobe | coldfusion | 2025 | Yes |
| Application | adobe | coldfusion | 2025 | Yes |