Description
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.
Products
- Adobe ColdFusion 2021
- Adobe ColdFusion 2021 Update 10
- Adobe ColdFusion 2021 Update 11
- Adobe ColdFusion 2021 Update 12
- Adobe ColdFusion 2021 Update 13
- Adobe ColdFusion 2021 Update 14
- Adobe ColdFusion 2021 Update 15
- Adobe ColdFusion 2021 Update 16
- Adobe ColdFusion 2021 Update 17
- Adobe ColdFusion 2021 Update 18
- Adobe ColdFusion 2021 Update 19
- Adobe ColdFusion 2021 Update 1
- Adobe ColdFusion 2021 Update 2
- Adobe ColdFusion 2021 Update 3
- Adobe ColdFusion 2021 Update 4
- Adobe ColdFusion 2021 Update 5
- Adobe ColdFusion 2021 Update 6
- Adobe ColdFusion 2021 Update 7
- Adobe ColdFusion 2021 Update 8
- Adobe ColdFusion 2021 Update 9
- Adobe ColdFusion 2023 -
- Adobe ColdFusion 2023 Update 10
- Adobe ColdFusion 2023 Update 11
- Adobe ColdFusion 2023 Update 12
- Adobe ColdFusion 2023 Update 13
- Adobe ColdFusion 2023 Update 1
- Adobe ColdFusion 2023 Update 2
- Adobe ColdFusion 2023 Update 3
- Adobe ColdFusion 2023 Update 4
- Adobe ColdFusion 2023 Update 5
- Adobe ColdFusion 2023 Update 6
- Adobe ColdFusion 2023 Update 7
- Adobe ColdFusion 2023 Update 8
- Adobe ColdFusion 2023 Update 9
- Adobe ColdFusion 2025
- Adobe ColdFusion 2025 Update 1
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2025-43564, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2025-43564 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References