VYPR
Get started
← All advisories
High severity8.2NVD Advisory· Published Dec 10, 2025· Updated Apr 28, 2026

CVE-2025-61813

CVE-2025-61813

Description

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation of this issue does requires user interaction and scope is changed.

Affected products

45
  • Adobe Inc./Coldfusion45 versions
    cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*+ 44 more
    • cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update19:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update20:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update21:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update22:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update15:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update16:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2025:update3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:2025:update4:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.