VDB
CVE-2025-61823
CVE-2025-61823
PUBLISHED
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerability to access sensitive files and data on the server. Exploitation of this issue requires user interaction and scope is changed.
EPSS 0.04% · 13.9th percentile
Risk Scores
EPSS Score
0.04%
13.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| adobe | coldfusion | 2021, 2021, 2021 |
| Adobe | ColdFusion | 0 |
Timeline
- Oct 1, 2025 CVE ID Reserved
- Dec 9, 2025 CVE Published
- Dec 10, 2025 EPSS Score
- Dec 10, 2025 CVE Updated
- Dec 14, 2025 EPSS Score
- Dec 18, 2025 EPSS Score
- Dec 23, 2025 EPSS Score
- Dec 27, 2025 EPSS Score
- Dec 31, 2025 EPSS Score
- Jan 4, 2026 EPSS Score
- Jan 8, 2026 EPSS Score
- Jan 12, 2026 EPSS Score