CVE-2025-49544— Adobe ColdFusion 代码问题漏洞

ColdFusion | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information or bypass security measures. Exploitation of this issue does not require user interaction and scope is changed.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

XML外部实体引用的不恰当限制(XXE)

Adobe ColdFusion 代码问题漏洞

Adobe ColdFusion是美国奥多比（Adobe）公司的一套快速应用程序开发平台。该平台包括集成开发环境和脚本语言。 Adobe ColdFusion 2025.2及之前版本、2023.14及之前版本和2021.20及之前版本存在代码问题漏洞，该漏洞源于XML外部实体引用限制不当，可能导致安全功能绕过。

N/A

N/A