ColdFusion — Vulnerabilities & Security Advisories 117

All 117 CVE vulnerabilities found in ColdFusion, with AI-generated Chinese analysis, references, and POCs.

Vendor: Adobe

CVE ID	Title	CVSS	Severity	Paused
CVE-2025-49543	ColdFusion \| Cross-site Scripting (Stored XSS) (CWE-79) CWE-79	4.3	Medium	2025-07-08
CVE-2025-49540	ColdFusion \| Cross-site Scripting (Stored XSS) (CWE-79) CWE-79	4.3	Medium	2025-07-08
CVE-2025-49538	ColdFusion \| XML Injection (aka Blind XPath Injection) (CWE-91) CWE-91	7.4	High	2025-07-08
CVE-2025-43565	ColdFusion \| Incorrect Authorization (CWE-863) CWE-863	8.4	High	2025-05-13
CVE-2025-43559	ColdFusion \| Improper Input Validation (CWE-20) CWE-20	9.1	Critical	2025-05-13
CVE-2025-43562	ColdFusion \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CWE-78	9.1	Critical	2025-05-13
CVE-2025-43566	ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) CWE-22	6.8	Medium	2025-05-13
CVE-2025-43564	ColdFusion \| Incorrect Authorization (CWE-863) CWE-863	9.1	Critical	2025-05-13
CVE-2025-43563	ColdFusion \| Improper Access Control (CWE-284) CWE-284	9.1	Critical	2025-05-13
CVE-2025-43560	ColdFusion \| Improper Input Validation (CWE-20) CWE-20	9.1	Critical	2025-05-13
CVE-2025-43561	ColdFusion \| Incorrect Authorization (CWE-863) CWE-863	9.1	Critical	2025-05-13
CVE-2025-30293	ColdFusion \| Improper Input Validation (CWE-20) CWE-20	6.8	Medium	2025-04-08
CVE-2025-30287	ColdFusion \| Improper Authentication (CWE-287) CWE-287	8.2	High	2025-04-08
CVE-2025-30292	ColdFusion \| Cross-site Scripting (Reflected XSS) (CWE-79) CWE-79	6.1	Medium	2025-04-08
CVE-2025-30290	ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) CWE-22	8.7	High	2025-04-08
CVE-2025-30282	ColdFusion \| Improper Authentication (CWE-287) CWE-287	9.1	Critical	2025-04-08
CVE-2025-30284	ColdFusion \| Deserialization of Untrusted Data (CWE-502) CWE-502	8.4	High	2025-04-08
CVE-2025-30294	ColdFusion \| Improper Input Validation (CWE-20) CWE-20	6.8	Medium	2025-04-08
CVE-2025-30289	ColdFusion \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CWE-78	8.2	High	2025-04-08
CVE-2025-30288	ColdFusion \| Improper Access Control (CWE-284) CWE-284	8.2	High	2025-04-08
CVE-2025-24446	ColdFusion \| Improper Input Validation (CWE-20) CWE-20	9.1	Critical	2025-04-08
CVE-2025-24447	ColdFusion \| Deserialization of Untrusted Data (CWE-502) CWE-502	9.1	Critical	2025-04-08
CVE-2025-30281	ColdFusion \| Improper Access Control (CWE-284) CWE-284	9.1	Critical	2025-04-08
CVE-2025-30291	ColdFusion \| Information Exposure (CWE-200) CWE-200	5.5	Medium	2025-04-08
CVE-2025-30285	ColdFusion \| Deserialization of Untrusted Data (CWE-502) CWE-502	8.4	High	2025-04-08
CVE-2025-30286	ColdFusion \| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CWE-78	8.4	High	2025-04-08
CVE-2024-53961	ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) CWE-22	8.1	High	2024-12-23
CVE-2024-41874	ColdFusion \| Deserialization of Untrusted Data (CWE-502) CWE-502	9.8	Critical	2024-09-13
CVE-2024-45113	ColdFusion \| Improper Authentication (CWE-287) CWE-287	7.5	High	2024-09-13
CVE-2024-34112	ColdFusion CFDOCUMENT file retrieval / access control bypass CWE-284	7.5	High	2024-06-13

All 117 known CVE vulnerabilities affecting ColdFusion with full Chinese analysis, references, and POCs where available.

Support Us — Your donation helps us keep running

ColdFusion — Vulnerabilities & Security Advisories 117