ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
| Vendor | Product | Versions |
|---|---|---|
| adobe | coldfusion | 0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| adobe | coldfusion | cert_advisory | 90% |
Updated severity to CRITICAL, marked as actively exploited, and noted that no exploit is available.
Initial creation
