Improper Access Control in Adobe ColdFusion Web Application
CVE-2025-49546

2.4 LOW

Key Information:

Vendor: Adobe
CVE Published: 8 July 2025

What is CVE-2025-49546?

Adobe ColdFusion versions 2025.2, 2023.14, 2021.20, and earlier are affected by an Improper Access Control vulnerability. This weakness allows high-privileged attackers to disrupt application availability, potentially leading to denial-of-service. Notably, exploitation of this vulnerability does not require any user interaction, making it particularly dangerous. The issue is limited to requests from internal IP addresses.

Affected Version(s)

ColdFusion 0 <= 2021.20

CVSS V3.1

Score: 2.4
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
