Description

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. A low privileged attacker with local access could leverage this vulnerability to gain access to sensitive information which could be used to further compromise the system or bypass security mechanisms. Exploitation of this issue does not require user interaction.

Related CPE's

a

adobe

coldfusion

33

References

https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-200

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-04-08T18:15:27.057Z

9 months ago

Last modified

2025-04-21T16:32:52.167Z

8 months ago