CVE Catalog

CVE-2025-64898

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile - higher than 29% of all known CVEs

Summary

A vulnerability in ColdFusion allows an attacker to gain limited unauthorized write access due to insufficiently protected credentials. The flaw stems from improper storage or transmission of authentication data. Exploitation does not require user interaction.

Risk Assessment

The organization is at risk of unauthorized system access, potentially leading to data or configuration modification without administrator knowledge.

Recommendation

Immediately update ColdFusion to version 2025.4, 2023.16, 2021.22 or later, as recommended by the vendor.

Original NVD description (English source)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or transmitted credentials. Exploitation of this issue does not require user interaction.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS