CVE-2025-61808

Summary

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed.

Affected Software

VendorProductVersion RangeStatus
AdobeColdFusion0 <= 2021.22affected

Weaknesses

  • CWE-434: Unrestricted Upload of File with Dangerous Type (CWE-434)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References