RCE in Lucee Association Switzerland
CVE-2025-34074
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.763 (99.0th percentile)
Affected products
- Lucee Association Switzerland — versions 5.0, 6.0, All versions with scheduled task functionality
References
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/m… (exploit)
- github.com/lucee/Lucee (product)
- vulncheck.com/advisories/lucee-admin-interface-rce (third-party-advisory)
Frequently asked questions
- What is CVE-2025-34074?
  CVE-2025-34074 is a vulnerability in Lucee Association Switzerland, classified under Code Injection. Published 2025-07-02.
- Is CVE-2025-34074 known to be exploited?
  2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.