CVE-2025-24446 — Improper Input Validation in Adobe Coldfusion

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.1CRITICALNVD

EPSS

6.9%

top 8.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Coldfusion

Timeline

PublishedApr 8

Description

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction, but admin panel privileges are required, and scope is changed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5adobe/coldfusion2025.0

▶NVDadobe/coldfusion2021, 2023, 2025+2

🔴Vulnerability Details

CVEList

ColdFusion | Improper Input Validation (CWE-20)↗2025-04-08

▶

GHSA

GHSA-658h-wc48-rw6r: ColdFusion versions 2023↗2025-04-08

▶