CVE-2025-64898
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk29th percentile - higher than 29% of all known CVEs
Summary
A vulnerability in ColdFusion allows an attacker to gain limited unauthorized write access due to insufficiently protected credentials. The flaw stems from improper storage or transmission of authentication data. Exploitation does not require user interaction.
Risk Assessment
The organization is at risk of unauthorized system access, potentially leading to data or configuration modification without administrator knowledge.
Recommendation
Immediately update ColdFusion to version 2025.4, 2023.16, 2021.22 or later, as recommended by the vendor.
Original NVD description (English source)
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or transmitted credentials. Exploitation of this issue does not require user interaction.

