CVE-2025-49535

{"id": "CVE-2025-49535", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@adobe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.8}]}, "published": "2025-07-08T21:15:26.113", "references": [{"url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access sensitive information or denial of service by bypassing security measures. Exploitation of this issue does not require user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses."}, {"lang": "es", "value": "Las versiones 2025.2, 2023.14, 2021.20 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de restricci\u00f3n incorrecta de referencias de entidades externas XML ('XXE') que podr\u00eda resultar en la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda explotar esta vulnerabilidad para acceder a informaci\u00f3n confidencial o realizar una denegaci\u00f3n de servicio evadiendo las medidas de seguridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y se modifica el alcance. El componente vulnerable est\u00e1 restringido a direcciones IP internas."}], "lastModified": "2025-07-11T16:46:44.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1FC7D1D-6DD2-48B2-980F-B001B0F24473"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FA19E1D-61C2-4640-AF06-4BCFE750BDF3"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F331DEA-F3D0-4B13-AB1E-6FE39B2BB55D"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63D5CF84-4B0D-48AE-95D6-262AEA2FFDE8"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10616A3A-0C1C-474A-BD7D-A2A5BB870F74"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7DA523E-1D9B-45FD-94D9-D4F9F2B9296B"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "151AFF8B-F05C-4D27-85FC-DF88E9C11BEA"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53A0E245-2915-4DFF-AFB5-A12F5C435702"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5653D18-7534-48A3-819F-9F049A418F99"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BABC6468-A780-4080-A930-4125D1B39C51"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F58633C9-E957-46B7-8F5B-B060A8726E33"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "645D1B5F-2DAB-4AB8-A465-AC37FF494F95"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED6D8996-0770-4C9F-BEA5-87EA479D40A5"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4836086E-3D4A-4A07-A372-382D385CB490"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBC19168-4184-4B59-B9C8-E98844124EED"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A60DCD92-9A5B-411C-9554-642C91D77FAE"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3A83642-BF14-4C37-BD94-FA76AABE8ADC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A892E1DC-F2C8-4F53-8580-A2D1BEED5A25"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB97ADBA-C1A9-4EE0-9509-68CB12358AE5"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30779417-D4E5-4A01-BE0E-1CE1D134292A"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80D7FC6A-F264-4CB1-A18D-B091EBA47882"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3DA0D20-93BA-4C76-A400-159853CD7277"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}