CVE-2025-49546 — LOW (2.4) — White Hats Nepal

Vulnerability Description

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker could exploit this vulnerability to partially disrupt the availability of the application. Exploitation of this issue does not require user interaction and scope is unchanged. The vulnerable component is restricted to internal IP addresses.

CVSS Score

2.4

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Adobe	Coldfusion	2021

Related Weaknesses (CWE)

CWE-284

References

https://helpx.adobe.com/security/products/coldfusion/apsb25-69.htmlVendor Advisory

FAQ

What is CVE-2025-49546?

CVE-2025-49546 is a vulnerability with a CVSS score of 2.4 (LOW). ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker...

How severe is CVE-2025-49546?

CVE-2025-49546 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-49546?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Coldfusion.