Improper Access Control Vulnerability in Adobe ColdFusion
CVE-2025-43564

7.2HIGH

Key Information:

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-43564?

Adobe ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are vulnerable to an improper access control issue that allows attackers to read arbitrary files from the system. This vulnerability enables unauthorized access and potential modification of sensitive data. Notably, exploitation does not require any user interaction, making it particularly concerning for organizations utilizing ColdFusion. Comprehensive security measures are advised to mitigate the risk associated with this vulnerability.

Affected Version(s)

ColdFusion 0 <= 2021.19

References

https://helpx.adobe.com/security/products/coldfusion/apsb...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Apr 16, 2025