Server-Side Request Forgery Vulnerability in Adobe ColdFusion Products
CVE-2025-49545
6.2 MEDIUM
What is CVE-2025-49545?
Adobe ColdFusion versions 2025.2, 2023.14, and 2021.20, as well as earlier releases, are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. This flaw enables high-privilege authenticated attackers to manipulate the application into making unintended requests, potentially leading to unauthorized file system access. The vulnerability specifically targets internal IP addresses and does not require user interaction for exploitation, posing a significant risk to affected systems.
Affected Version(s)
ColdFusion 0 <= 2021.20