Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

ColdFusion 2025 — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in ColdFusion 2025, with AI-generated Chinese analysis, references, and POCs.

This page documents known security vulnerabilities for the ColdFusion 2025 platform, categorized by Common Weakness Enumeration identifiers. It aggregates technical details regarding flaws identified in the Adobe ColdFusion 2025 release cycle, focusing on the specific architectural components and runtime environments associated with this software version. The collection includes a comprehensive list of discovered security issues ranging from remote code execution and cross-site scripting to privilege escalation and information disclosure vulnerabilities. These entries cover the period from the initial public release through the most recent patch applications, ensuring that users have access to the full historical context of security incidents affecting the product. By consolidating data from multiple sources, this resource allows administrators and security researchers to efficiently track vendor advisories and understand the evolution of specific weakness classes within the ColdFusion ecosystem. Users can explore detailed descriptions to comprehend the root causes of these flaws, analyze the impact on their specific deployment configurations, and review the product’s vulnerability history to prioritize remediation efforts. This structured approach facilitates a deeper understanding of how these defects interact with the application server, enabling more effective risk management and compliance reporting without relying on fragmented external reports. The content is strictly technical, avoiding speculative commentary or promotional language, to provide an objective reference for IT professionals managing the lifecycle of ColdFusion 2025 installations.

Vendor: Adobe

CVE IDTitleCVSSSeverityPublished
CVE-2026-48320 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79) CWE-79 8.5 High2026-07-14
CVE-2026-48324 ColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) CWE-89 9.1 Critical2026-07-14
CVE-2026-48332 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918) CWE-918 7.7 High2026-07-14
CVE-2026-48318 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) CWE-22 9.9 Critical2026-07-14
CVE-2026-48338 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) CWE-22 6.8 Medium2026-07-14
CVE-2026-48327 ColdFusion | Incorrect Authorization (CWE-863) CWE-863 9.0 Critical2026-07-14
CVE-2026-48329 ColdFusion | Insufficient Session Expiration (CWE-613) CWE-613 2.7 Low2026-07-14
CVE-2026-48321 ColdFusion | Incorrect Authorization (CWE-863) CWE-863 9.3 Critical2026-07-14
CVE-2026-48319 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) CWE-22 9.1 Critical2026-07-14
CVE-2026-48322 ColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94) CWE-94 9.6 Critical2026-07-14
CVE-2026-48284 ColdFusion | Improper Input Validation (CWE-20) CWE-20 9.6 Critical2026-07-14
CVE-2026-48328 ColdFusion | Improper Input Validation (CWE-20) CWE-20 7.7 High2026-07-14
CVE-2026-48325 ColdFusion | Missing Authentication for Critical Function (CWE-306) CWE-306 9.3 Critical2026-07-14

All 13 known CVE vulnerabilities affecting ColdFusion 2025 with full Chinese analysis, references, and POCs where available.