Improper Restriction of XML External Entity Reference in Adobe ColdFusion
CVE-2025-49539
4.5 MEDIUM
What is CVE-2025-49539?
Adobe ColdFusion versions 2025.2, 2023.14, 2021.20, and earlier are susceptible to an Improper Restriction of XML External Entity Reference (XXE) vulnerability. This flaw allows an attacker with high privileges to bypass security features and potentially access sensitive information without any user interaction. The issue is confined to internal IP addresses, posing significant risk if exploited.
Affected Version(s)
ColdFusion 0 <= 2021.20