Description

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

PUBLISHED Reserved 2025-07-17 | Published 2025-08-18 | Updated 2025-10-01 | Assigner adobe




LOW: 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Problem types

Server-Side Request Forgery (SSRF) (CWE-918)

Product status

Default status
affected

Any version
affected

References

helpx.adobe.com/security/products/coldfusion/apsb25-52.html vendor-advisory

cve.org (CVE-2025-54234)

nvd.nist.gov (CVE-2025-54234)
