ColdFusion <2025.4 Improper Input Validation Arbitrary Code Exec
CVE-2025-61812 Published on December 9, 2025

ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2025-61812

Want to know whenever a new CVE is published for Adobe ColdFusion? stack.watch will email you.

Adobe ColdFusion

Affected Versions

Adobe ColdFusion:

Before and including 2021.22 is affected.

Exploit Probability

EPSS

0.06%

Percentile

19.61%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

ColdFusion <2025.4 Improper Input Validation Arbitrary Code ExecCVE-2025-61812 Published on December 9, 2025

Vulnerability Analysis

Weakness Type

Improper Input Validation

Products Associated with CVE-2025-61812

Affected Versions

Exploit Probability

ColdFusion <2025.4 Improper Input Validation Arbitrary Code Exec
CVE-2025-61812 Published on December 9, 2025