VDB

CVE-2025-61823

CVE-2025-61823 PUBLISHED

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerability to access sensitive files and data on the server. Exploitation of this issue requires user interaction and scope is changed.

EPSS 0.04% · 13.9th percentile

Risk Scores

EPSS Score
0.04%
13.9th percentile

Affected Products

VendorProductVersions
adobecoldfusion2021, 2021, 2021
AdobeColdFusion0

Timeline

  • Oct 1, 2025 CVE ID Reserved
  • Dec 9, 2025 CVE Published
  • Dec 10, 2025 EPSS Score
  • Dec 10, 2025 CVE Updated
  • Dec 14, 2025 EPSS Score
  • Dec 18, 2025 EPSS Score
  • Dec 23, 2025 EPSS Score
  • Dec 27, 2025 EPSS Score
  • Dec 31, 2025 EPSS Score
  • Jan 4, 2026 EPSS Score
  • Jan 8, 2026 EPSS Score
  • Jan 12, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›