Description
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to bypass security protections and gain unauthorized write and delete access. Exploitation of this issue does not require user interaction and scope is changed.
Related CPE's
a
adobe
coldfusion
33
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
8.7 · High
Information
Source identifier
Vulnerability status
Analyzed
Published
2025-04-08T18:15:26.883Z
11 months agoLast modified
2025-05-12T14:40:28.490Z
10 months ago