CVE-2025-49536

{"id": "CVE-2025-49536", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.1}]}, "published": "2025-07-08T21:15:26.280", "references": [{"url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses."}, {"lang": "es", "value": "Las versiones 2025.2, 2023.14, 2021.20 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario. El componente vulnerable est\u00e1 restringido a direcciones IP internas."}], "lastModified": "2025-07-11T17:45:09.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1FC7D1D-6DD2-48B2-980F-B001B0F24473"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FA19E1D-61C2-4640-AF06-4BCFE750BDF3"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F331DEA-F3D0-4B13-AB1E-6FE39B2BB55D"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63D5CF84-4B0D-48AE-95D6-262AEA2FFDE8"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10616A3A-0C1C-474A-BD7D-A2A5BB870F74"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7DA523E-1D9B-45FD-94D9-D4F9F2B9296B"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "151AFF8B-F05C-4D27-85FC-DF88E9C11BEA"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53A0E245-2915-4DFF-AFB5-A12F5C435702"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5653D18-7534-48A3-819F-9F049A418F99"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BABC6468-A780-4080-A930-4125D1B39C51"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F58633C9-E957-46B7-8F5B-B060A8726E33"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "645D1B5F-2DAB-4AB8-A465-AC37FF494F95"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED6D8996-0770-4C9F-BEA5-87EA479D40A5"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4836086E-3D4A-4A07-A372-382D385CB490"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBC19168-4184-4B59-B9C8-E98844124EED"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A60DCD92-9A5B-411C-9554-642C91D77FAE"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3A83642-BF14-4C37-BD94-FA76AABE8ADC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A892E1DC-F2C8-4F53-8580-A2D1BEED5A25"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB97ADBA-C1A9-4EE0-9509-68CB12358AE5"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30779417-D4E5-4A01-BE0E-1CE1D134292A"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80D7FC6A-F264-4CB1-A18D-B091EBA47882"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3DA0D20-93BA-4C76-A400-159853CD7277"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}