OS Command Injection Vulnerability in Adobe ColdFusion Products
CVE-2025-49537
7.9HIGH
What is CVE-2025-49537?
Adobe ColdFusion versions 2025.2, 2023.14, 2021.20, and earlier versions have a vulnerability that improperly neutralizes special elements used in OS commands, potentially allowing a high-privileged attacker to execute arbitrary code. This exploitation requires user interaction and is limited to internal IP addresses, increasing the risk for users who may unknowingly trigger the vulnerability.
Affected Version(s)
ColdFusion 0 <= 2021.20