Server-Side Request Forgery Vulnerability in Adobe ColdFusion Products
CVE-2025-49545

6.2 MEDIUM

Key Information:

Vendor: Adobe

CVE Published: 8 July 2025

What is CVE-2025-49545?

Adobe ColdFusion versions 2025.2, 2023.14, and 2021.20, as well as earlier releases, are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. This flaw enables high-privilege authenticated attackers to manipulate the application into making unintended requests, potentially leading to unauthorized file system access. The vulnerability specifically targets internal IP addresses and does not require user interaction for exploitation, posing a significant risk to affected systems.

Affected Version(s)

ColdFusion 0 <= 2021.20

CVSS V3.1

Score: 6.2
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
