CVE-2025-49551

Published Jul 8, 2025

Last updated 7 days ago

CVSS high 8.8

Overview

Description: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized access to sensitive systems or data. Exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses.
Source: psirt@adobe.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

psirt@adobe.com: CWE-798

Hype score: Not currently trending

CVE-2025-49551 ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in privilege escalation. An a… https://t.co/erTMGU8zha
@CVEnew
9 Jul 2025
182 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1FC7D1D-6DD2-48B2-980F-B001B0F24473"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FA19E1D-61C2-4640-AF06-4BCFE750BDF3"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F331DEA-F3D0-4B13-AB1E-6FE39B2BB55D"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63D5CF84-4B0D-48AE-95D6-262AEA2FFDE8"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10616A3A-0C1C-474A-BD7D-A2A5BB870F74"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7DA523E-1D9B-45FD-94D9-D4F9F2B9296B"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "151AFF8B-F05C-4D27-85FC-DF88E9C11BEA"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53A0E245-2915-4DFF-AFB5-A12F5C435702"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5653D18-7534-48A3-819F-9F049A418F99"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BABC6468-A780-4080-A930-4125D1B39C51"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F58633C9-E957-46B7-8F5B-B060A8726E33"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "645D1B5F-2DAB-4AB8-A465-AC37FF494F95"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED6D8996-0770-4C9F-BEA5-87EA479D40A5"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4836086E-3D4A-4A07-A372-382D385CB490"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBC19168-4184-4B59-B9C8-E98844124EED"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A60DCD92-9A5B-411C-9554-642C91D77FAE"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3A83642-BF14-4C37-BD94-FA76AABE8ADC"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A892E1DC-F2C8-4F53-8580-A2D1BEED5A25"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB97ADBA-C1A9-4EE0-9509-68CB12358AE5"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30779417-D4E5-4A01-BE0E-1CE1D134292A"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80D7FC6A-F264-4CB1-A18D-B091EBA47882"
          },
          {
            "criteria": "cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3DA0D20-93BA-4C76-A400-159853CD7277"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References