Improper Access Control in ColdFusion by Adobe
CVE-2025-64897

5.6MEDIUM

Key Information:

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-64897?

A vulnerability in ColdFusion versions 2025.4, 2023.16, and 2021.22 allows low privileged attackers to bypass security measures. This improper access control issue can lead to limited unauthorized write access, potentially resulting in denial of service. Exploitation of this vulnerability necessitates user interaction, making it crucial for organizations to address it promptly.

Affected Version(s)

ColdFusion 0 <= 2021.22

References

https://helpx.adobe.com/security/products/coldfusion/apsb...

vendor-advisory

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Nov 11, 2025

JSON