ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed.

AI Analysis

Unrestricted Upload of File with Dangerous Type vulnerability leading to arbitrary code execution

Basic Information

ID CVE-2025-61808

Source adobe

Published Dec 9, 2025 at 23:41

Affected Product

Vendor Adobe

Product ColdFusion

Affected Versions Adobe ColdFusion 0

CWE Classification

CWE-434

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Adobe

Product ColdFusion

Version 2025.4, 2023.16, 2021.22 and earlier

References

helpx.adobe.com /security/products/coldfusion/apsb25-105.html

{
    "lastseen": "",
    "description": "ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed.",
    "published": "2025-12-09T23:41:13.755Z",
    "modified": "2025-12-09T23:41:13.755Z",
    "type": "cve",
    "title": "ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)",
    "source": "adobe",
    "references": "https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html",
    "id": "CVE-2025-61808",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Adobe ColdFusion 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ColdFusion",
    "version": "0",
    "vendor": "Adobe",
    "ai_description": "Unrestricted Upload of File with Dangerous Type vulnerability leading to arbitrary code execution",
    "ai_severity": "Critical",
    "ai_vendor": "Adobe",
    "ai_product": "ColdFusion",
    "ai_version": "2025.4, 2023.16, 2021.22 and earlier",
    "ai_score": 9.1
}

ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)_CVE-2025-61808