Improper Access Control in Adobe ColdFusion Web Application
CVE-2025-49546
2.4LOW
What is CVE-2025-49546?
Adobe ColdFusion versions 2025.2, 2023.14, 2021.20, and earlier experience an Improper Access Control vulnerability. This weakness allows high-privileged attackers to disrupt application availability, potentially leading to denial-of-service. Notably, exploitation of this vulnerability does not require any user interaction, making it particularly dangerous. The issue is limited to requests from internal IP addresses.
Affected Version(s)
ColdFusion 0 <= 2021.20