CVE-2013-0625
Published on January 9, 2013
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
Known Exploited Vulnerability
This Adobe ColdFusion Authentication Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
The following remediation steps are recommended / required by September 7, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2013-0625 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2013-0625 has been classified to as an authentification vulnerability or weakness.
Products Associated with CVE-2013-0625
You can be notified by stack.watch whenever vulnerabilities like CVE-2013-0625 are published in these products:
What versions are vulnerable to CVE-2013-0625?
Each of the following must match for the vulnerability to exist.