Adobe Coldfusion 2025

13 CVEs affecting Adobe Coldfusion 2025. Latest disclosed: 2026-07-14. Critical: 8, High: 3.

Top CVEs affecting Adobe Coldfusion 2025
CVESeverityScorePublishedSummary
CVE-2026-48318Critical9.92026-07-14ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sys…
CVE-2026-48322Critical9.62026-07-14ColdFusion is affected by an Improper Control of Generation of Code ('Code Injection') vulnerability that could result in arbitrary code execution in the conte…
CVE-2026-48284Critical9.62026-07-14ColdFusion is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploita…
CVE-2026-48325Critical9.32026-07-14ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code execution in the context of the curr…
CVE-2026-48321Critical9.32026-07-14ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to…
CVE-2026-48324Critical9.12026-07-14ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary…
CVE-2026-48319Critical9.12026-07-14ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code e…
CVE-2026-48327Critical9.02026-07-14ColdFusion is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
CVE-2026-48320High8.52026-07-14ColdFusion is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a…
CVE-2026-48332High7.72026-07-14ColdFusion is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could le…
CVE-2026-48328High7.72026-07-14ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage t…
CVE-2026-48338Medium6.82026-07-14ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sys…
CVE-2026-48329Low2.72026-07-14ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could lev…