Path Traversal Vulnerability in Adobe ColdFusion Products
CVE-2025-54261

9 CRITICAL

Key Information:

Vendor: Adobe
CVE Published: 9 September 2025

What is CVE-2025-54261?

Adobe ColdFusion versions 2025.3, 2023.15, and 2021.21 and earlier are susceptible to a path traversal vulnerability that lets an attacker manipulate file paths and potentially execute arbitrary code on the affected system. The flaw stems from improper limitation of a pathname to a restricted directory, which grants unauthorized access to restricted directories. Exploitation could result in severe compromise of the affected applications, so affected installations need immediate security assessment and patching.

Affected Version(s)

ColdFusion 0 <= 2021.21

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
