CVE-2025-43565 - Vulnerability Details

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Adobe	Coldfusion

Configuration 1 [-]

OR	cpe:2.3:a:adobe:coldfusion:2021:-::::::
	cpe:2.3:a:adobe:coldfusion:2021:update1::::::
	cpe:2.3:a:adobe:coldfusion:2021:update10::::::
	cpe:2.3:a:adobe:coldfusion:2021:update11::::::
	cpe:2.3:a:adobe:coldfusion:2021:update12::::::
	cpe:2.3:a:adobe:coldfusion:2021:update13::::::
	cpe:2.3:a:adobe:coldfusion:2021:update14::::::
	cpe:2.3:a:adobe:coldfusion:2021:update15::::::
	cpe:2.3:a:adobe:coldfusion:2021:update16::::::
	cpe:2.3:a:adobe:coldfusion:2021:update17::::::
	cpe:2.3:a:adobe:coldfusion:2021:update18::::::
	cpe:2.3:a:adobe:coldfusion:2021:update19::::::
	cpe:2.3:a:adobe:coldfusion:2021:update2::::::
	cpe:2.3:a:adobe:coldfusion:2021:update3::::::
	cpe:2.3:a:adobe:coldfusion:2021:update4::::::
	cpe:2.3:a:adobe:coldfusion:2021:update5::::::
	cpe:2.3:a:adobe:coldfusion:2021:update6::::::
	cpe:2.3:a:adobe:coldfusion:2021:update7::::::
	cpe:2.3:a:adobe:coldfusion:2021:update8::::::
	cpe:2.3:a:adobe:coldfusion:2021:update9::::::
	cpe:2.3:a:adobe:coldfusion:2023:-::::::
	cpe:2.3:a:adobe:coldfusion:2023:update1::::::
	cpe:2.3:a:adobe:coldfusion:2023:update10::::::
	cpe:2.3:a:adobe:coldfusion:2023:update11::::::
	cpe:2.3:a:adobe:coldfusion:2023:update12::::::
	cpe:2.3:a:adobe:coldfusion:2023:update13::::::
	cpe:2.3:a:adobe:coldfusion:2023:update2::::::
	cpe:2.3:a:adobe:coldfusion:2023:update3::::::
	cpe:2.3:a:adobe:coldfusion:2023:update4::::::
	cpe:2.3:a:adobe:coldfusion:2023:update5::::::
	cpe:2.3:a:adobe:coldfusion:2023:update6::::::
	cpe:2.3:a:adobe:coldfusion:2023:update7::::::
	cpe:2.3:a:adobe:coldfusion:2023:update8::::::
	cpe:2.3:a:adobe:coldfusion:2023:update9::::::
	cpe:2.3:a:adobe:coldfusion:2025:-::::::
	cpe:2.3:a:adobe:coldfusion:2025:update1::::::

No data.

References

Link	Providers
https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html

History

Mon, 19 May 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Adobe Adobe coldfusion
CPEs		cpe:2.3:a:adobe:coldfusion:2021:-:::::: cpe:2.3:a:adobe:coldfusion:2021:update10:::::: cpe:2.3:a:adobe:coldfusion:2021:update11:::::: cpe:2.3:a:adobe:coldfusion:2021:update12:::::: cpe:2.3:a:adobe:coldfusion:2021:update13:::::: cpe:2.3:a:adobe:coldfusion:2021:update14:::::: cpe:2.3:a:adobe:coldfusion:2021:update15:::::: cpe:2.3:a:adobe:coldfusion:2021:update16:::::: cpe:2.3:a:adobe:coldfusion:2021:update17:::::: cpe:2.3:a:adobe:coldfusion:2021:update18:::::: cpe:2.3:a:adobe:coldfusion:2021:update19:::::: cpe:2.3:a:adobe:coldfusion:2021:update1:::::: cpe:2.3:a:adobe:coldfusion:2021:update2:::::: cpe:2.3:a:adobe:coldfusion:2021:update3:::::: cpe:2.3:a:adobe:coldfusion:2021:update4:::::: cpe:2.3:a:adobe:coldfusion:2021:update5:::::: cpe:2.3:a:adobe:coldfusion:2021:update6:::::: cpe:2.3:a:adobe:coldfusion:2021:update7:::::: cpe:2.3:a:adobe:coldfusion:2021:update8:::::: cpe:2.3:a:adobe:coldfusion:2021:update9:::::: cpe:2.3:a:adobe:coldfusion:2023:-:::::: cpe:2.3:a:adobe:coldfusion:2023:update10:::::: cpe:2.3:a:adobe:coldfusion:2023:update11:::::: cpe:2.3:a:adobe:coldfusion:2023:update12:::::: cpe:2.3:a:adobe:coldfusion:2023:update13:::::: cpe:2.3:a:adobe:coldfusion:2023:update1:::::: cpe:2.3:a:adobe:coldfusion:2023:update2:::::: cpe:2.3:a:adobe:coldfusion:2023:update3:::::: cpe:2.3:a:adobe:coldfusion:2023:update4:::::: cpe:2.3:a:adobe:coldfusion:2023:update5:::::: cpe:2.3:a:adobe:coldfusion:2023:update6:::::: cpe:2.3:a:adobe:coldfusion:2023:update7:::::: cpe:2.3:a:adobe:coldfusion:2023:update8:::::: cpe:2.3:a:adobe:coldfusion:2023:update9:::::: cpe:2.3:a:adobe:coldfusion:2025:-:::::: cpe:2.3:a:adobe:coldfusion:2025:update1::::::
Vendors & Products		Adobe Adobe coldfusion

Wed, 14 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 May 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description		ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed.
Title		ColdFusion \| Incorrect Authorization (CWE-863)
Weaknesses		CWE-863
References		https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html
Metrics		cvssV3_1 `{'score': 8.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2025-05-13T20:49:31.403Z

Updated: 2025-05-15T04:01:41.254Z

Reserved: 2025-04-16T16:23:13.180Z

Link: CVE-2025-43565

Vulnrichment

Updated: 2025-05-14T14:10:26.803Z

NVD

Status : Analyzed

Published: 2025-05-13T21:16:16.253

Modified: 2025-05-19T20:40:07.530

Link: CVE-2025-43565

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object