Server-Side Request Forgery Vulnerability in Adobe ColdFusion Products
CVE-2025-49545

6.2MEDIUM

Key Information:

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-49545?

Adobe ColdFusion versions 2025.2, 2023.14, and 2021.20, as well as earlier releases, are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. This flaw enables high-privilege authenticated attackers to manipulate the application into making unintended requests, potentially leading to unauthorized file system access. The vulnerability specifically targets internal IP addresses and does not require user interaction for exploitation, posing a significant risk to affected systems.

Affected Version(s)

ColdFusion 0 <= 2021.20

References

https://helpx.adobe.com/security/products/coldfusion/apsb...

vendor-advisory

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jun 6, 2025