CVE-2025-49545

{"id": "CVE-2025-49545", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@adobe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.7}]}, "published": "2025-07-08T21:15:27.670", "references": [{"url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation of this issue does not require user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses."}, {"lang": "es", "value": "Las versiones 2025.2, 2023.14, 2021.20 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de Server-Side Request Forgery (SSRF) que podr\u00eda provocar la lectura arbitraria del sistema de archivos. Un atacante autenticado con privilegios elevados puede forzar la aplicaci\u00f3n a realizar solicitudes arbitrarias mediante la inyecci\u00f3n de URL. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y se modifica el alcance. El componente vulnerable se limita a direcciones IP internas. "}], "lastModified": "2025-07-11T16:46:57.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1FC7D1D-6DD2-48B2-980F-B001B0F24473"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FA19E1D-61C2-4640-AF06-4BCFE750BDF3"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F331DEA-F3D0-4B13-AB1E-6FE39B2BB55D"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63D5CF84-4B0D-48AE-95D6-262AEA2FFDE8"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10616A3A-0C1C-474A-BD7D-A2A5BB870F74"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7DA523E-1D9B-45FD-94D9-D4F9F2B9296B"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "151AFF8B-F05C-4D27-85FC-DF88E9C11BEA"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53A0E245-2915-4DFF-AFB5-A12F5C435702"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5653D18-7534-48A3-819F-9F049A418F99"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BABC6468-A780-4080-A930-4125D1B39C51"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F58633C9-E957-46B7-8F5B-B060A8726E33"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "645D1B5F-2DAB-4AB8-A465-AC37FF494F95"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED6D8996-0770-4C9F-BEA5-87EA479D40A5"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4836086E-3D4A-4A07-A372-382D385CB490"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBC19168-4184-4B59-B9C8-E98844124EED"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A60DCD92-9A5B-411C-9554-642C91D77FAE"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3A83642-BF14-4C37-BD94-FA76AABE8ADC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A892E1DC-F2C8-4F53-8580-A2D1BEED5A25"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB97ADBA-C1A9-4EE0-9509-68CB12358AE5"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30779417-D4E5-4A01-BE0E-1CE1D134292A"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80D7FC6A-F264-4CB1-A18D-B091EBA47882"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3DA0D20-93BA-4C76-A400-159853CD7277"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}