CVE-2025-64898

CWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 74.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedDec 10

Description

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or transmitted credentials. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5adobe/coldfusion2021.22
NVDadobe/coldfusion2021, 2023, 2025+2

🔴Vulnerability Details

2
GHSA
GHSA-q76w-cpf4-58gv: ColdFusion versions 20252025-12-10
CVEList
ColdFusion | Insufficiently Protected Credentials (CWE-522)2025-12-09

🕵️Threat Intelligence

1
Wiz
CVE-2025-64898 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-64898 (MEDIUM CVSS 5.3) | ColdFusion versions 2025.4 | cvebase.io