CVE-2025-54234
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
| Software | From | Fixed in |
|---|---|---|
| adobe / coldfusion | 2021 | 2021.x |
| adobe / coldfusion | 2021-update1 | 2021-update1.x |
| adobe / coldfusion | 2021-update10 | 2021-update10.x |
| adobe / coldfusion | 2021-update11 | 2021-update11.x |
| adobe / coldfusion | 2021-update12 | 2021-update12.x |
| adobe / coldfusion | 2021-update13 | 2021-update13.x |
| adobe / coldfusion | 2021-update14 | 2021-update14.x |
| adobe / coldfusion | 2021-update15 | 2021-update15.x |
| adobe / coldfusion | 2021-update16 | 2021-update16.x |
| adobe / coldfusion | 2021-update17 | 2021-update17.x |
| adobe / coldfusion | 2021-update18 | 2021-update18.x |
| adobe / coldfusion | 2021-update19 | 2021-update19.x |
| adobe / coldfusion | 2021-update2 | 2021-update2.x |
| adobe / coldfusion | 2021-update3 | 2021-update3.x |
| adobe / coldfusion | 2021-update4 | 2021-update4.x |
| adobe / coldfusion | 2021-update5 | 2021-update5.x |
| adobe / coldfusion | 2021-update6 | 2021-update6.x |
| adobe / coldfusion | 2021-update7 | 2021-update7.x |
| adobe / coldfusion | 2021-update8 | 2021-update8.x |
| adobe / coldfusion | 2021-update9 | 2021-update9.x |
| adobe / coldfusion | 2023 | 2023.x |
| adobe / coldfusion | 2023-update1 | 2023-update1.x |
| adobe / coldfusion | 2023-update10 | 2023-update10.x |
| adobe / coldfusion | 2023-update11 | 2023-update11.x |
| adobe / coldfusion | 2023-update12 | 2023-update12.x |
| adobe / coldfusion | 2023-update13 | 2023-update13.x |
| adobe / coldfusion | 2023-update2 | 2023-update2.x |
| adobe / coldfusion | 2023-update3 | 2023-update3.x |
| adobe / coldfusion | 2023-update4 | 2023-update4.x |
| adobe / coldfusion | 2023-update5 | 2023-update5.x |
| adobe / coldfusion | 2023-update6 | 2023-update6.x |
| adobe / coldfusion | 2023-update7 | 2023-update7.x |
| adobe / coldfusion | 2023-update8 | 2023-update8.x |
| adobe / coldfusion | 2023-update9 | 2023-update9.x |
| adobe / coldfusion | 2025 | 2025.x |
| adobe / coldfusion | 2025-update1 | 2025-update1.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime