1. Home
  2. CVE Database
  3. CVE-2025-49545
MEDIUM · 6.2

CVE-2025-49545

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticate...

Vulnerability Description

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation of this issue does not require user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
AdobeColdfusion2021

Related Weaknesses (CWE)

CWE-918

References

FAQ

What is CVE-2025-49545?

CVE-2025-49545 is a vulnerability with a CVSS score of 6.2 (MEDIUM). ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticate...

How severe is CVE-2025-49545?

CVE-2025-49545 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-49545?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Coldfusion.