CVE-2025-54261
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed.
| Software | From | Fixed in |
|---|---|---|
| adobe / coldfusion | 2021 | 2021.x |
| adobe / coldfusion | 2021-update1 | 2021-update1.x |
| adobe / coldfusion | 2021-update10 | 2021-update10.x |
| adobe / coldfusion | 2021-update11 | 2021-update11.x |
| adobe / coldfusion | 2021-update12 | 2021-update12.x |
| adobe / coldfusion | 2021-update13 | 2021-update13.x |
| adobe / coldfusion | 2021-update14 | 2021-update14.x |
| adobe / coldfusion | 2021-update15 | 2021-update15.x |
| adobe / coldfusion | 2021-update16 | 2021-update16.x |
| adobe / coldfusion | 2021-update17 | 2021-update17.x |
| adobe / coldfusion | 2021-update18 | 2021-update18.x |
| adobe / coldfusion | 2021-update19 | 2021-update19.x |
| adobe / coldfusion | 2021-update2 | 2021-update2.x |
| adobe / coldfusion | 2021-update20 | 2021-update20.x |
| adobe / coldfusion | 2021-update21 | 2021-update21.x |
| adobe / coldfusion | 2021-update3 | 2021-update3.x |
| adobe / coldfusion | 2021-update4 | 2021-update4.x |
| adobe / coldfusion | 2021-update5 | 2021-update5.x |
| adobe / coldfusion | 2021-update6 | 2021-update6.x |
| adobe / coldfusion | 2021-update7 | 2021-update7.x |
| adobe / coldfusion | 2021-update8 | 2021-update8.x |
| adobe / coldfusion | 2021-update9 | 2021-update9.x |
| adobe / coldfusion | 2023 | 2023.x |
| adobe / coldfusion | 2023-update1 | 2023-update1.x |
| adobe / coldfusion | 2023-update10 | 2023-update10.x |
| adobe / coldfusion | 2023-update11 | 2023-update11.x |
| adobe / coldfusion | 2023-update12 | 2023-update12.x |
| adobe / coldfusion | 2023-update13 | 2023-update13.x |
| adobe / coldfusion | 2023-update14 | 2023-update14.x |
| adobe / coldfusion | 2023-update15 | 2023-update15.x |
| adobe / coldfusion | 2023-update2 | 2023-update2.x |
| adobe / coldfusion | 2023-update3 | 2023-update3.x |
| adobe / coldfusion | 2023-update4 | 2023-update4.x |
| adobe / coldfusion | 2023-update5 | 2023-update5.x |
| adobe / coldfusion | 2023-update6 | 2023-update6.x |
| adobe / coldfusion | 2023-update7 | 2023-update7.x |
| adobe / coldfusion | 2023-update8 | 2023-update8.x |
| adobe / coldfusion | 2023-update9 | 2023-update9.x |
| adobe / coldfusion | 2025 | 2025.x |
| adobe / coldfusion | 2025-update1 | 2025-update1.x |
| adobe / coldfusion | 2025-update2 | 2025-update2.x |
| adobe / coldfusion | 2025-update3 | 2025-update3.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime