CVE-2025-54234 – ColdFusion SSRF File System Read Vulnerability

CVE ID : CVE-2025-54234

Published : Aug. 18, 2025, 5:15 p.m. | 56 minutes ago

Description : ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Severity: 2.2 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…