CVE-2025-54261 · CRITICAL 10.0 · EPSS p97.1%

Description

ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed.

Scoring

CVSS 3.1: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 19.93% probability of exploitation · percentile 97.1% · 2026-06-19T12:03:05Z
Published: 2025-09-09
Last modified: 2025-10-03

Underlying weaknesses · 1

CWE-22

References

  1. https://helpx.adobe.com/security/products/coldfusion/apsb25-93.html

Type: Weakness
Target: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-27305
  2. CVE-2025-30290
  3. CVE-2026-47932
  4. CVE-2025-43563
  5. CVE-2025-43564
  6. CVE-2025-43561

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.