Browse all 4 CVE security advisories affecting Lucee. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Lucee is an open-source CFML engine primarily used for web application development and dynamic content delivery. Historically, vulnerabilities affecting Lucee have commonly included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from input validation failures and insecure default configurations. While no major public security incidents have been widely documented, the 4 CVEs on record highlight potential risks in areas like file handling and deserialization. Security researchers note that Lucee's enterprise adoption requires careful hardening, as misconfigurations and outdated deployments can expose critical systems to exploitation. Regular updates and secure coding practices remain essential for mitigating identified vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-53880 | Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces — LuceeCWE-79 | 5.4AI | MediumAI | 2025-12-15 |
| CVE-2024-55354 | Lucee 安全漏洞 — Lucee ServerCWE-807 | 8.8 | High | 2025-04-08 |
| CVE-2023-38693 | RCE in Lucee REST endpoint — LuceeCWE-611 | 9.8 | Critical | 2025-03-05 |
| CVE-2021-21307 | Remote Code Exploit in Lucee Admin — LuceeCWE-862 | 8.6 | High | 2021-02-11 |
This page lists every published CVE security advisory associated with Lucee. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.