Improper Access Control Vulnerability in Adobe ColdFusion Products
CVE-2025-61811

8.4HIGH

Key Information:

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-61811?

Adobe ColdFusion versions 2025.4, 2023.16, and 2021.22, as well as earlier iterations, are susceptible to an improper access control vulnerability that facilitates arbitrary code execution in the context of the current user. This issue allows a high-privileged attacker to circumvent established security protocols and execute harmful code, without the need for user interaction. The implications of this vulnerability could lead to significant security breaches, requiring immediate attention and mitigation.

Affected Version(s)

ColdFusion 0 <= 2021.22

References

https://helpx.adobe.com/security/products/coldfusion/apsb...

vendor-advisory

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Oct 1, 2025

JSON