CVE-2025-61813

216.73.217.22

· Published 10/12/2025 00:16 · Modified 12/12/2025 19:07

Labels: CVE-2025-61813 2025-12-10 CVE-2025-61813 CWE-611 [email protected]

Essential information

Published: 10/12/2025 00:16
Modified: 12/12/2025 19:07
Author: —
Creator: —
CVSS: 8.2 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L

CVSS metrics

Description

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation of this issue does not require user interaction and scope is changed.

NVD status

Status: Analyzed — CVE has had analysis completed and all data associations made.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:-::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update1::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update10::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update11::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update12::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update13::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update14::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update15::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update16::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update17::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update18::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update19::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update2::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update20::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update21::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update22::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update3::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update4::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update5::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update6::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update7::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update8::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2021:update9::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:-::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update1::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update10::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update11::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update12::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update13::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update14::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update15::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update16::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update2::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update3::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update4::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update5::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update6::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update7::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update8::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2023:update9::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2025:-::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2025:update1::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2025:update2::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2025:update3::::::`
adobe / coldfusion	`cpe:2.3:a:adobe:coldfusion:2025:update4::::::`