CNNVD-202512-1748 Information

CNNVD ID

CNNVD-202512-1748

Related CVE

CVE-2025-61823

• CNNVD Published: 2025-12-10

Description (Chinese)

Adobe ColdFusion是美国奥多比（Adobe）公司的一套快速应用程序开发平台。该平台包括集成开发环境和脚本语言。 Adobe ColdFusion 2025.4版本、2023.16版本、2021.22版本及之前版本存在代码问题漏洞，该漏洞源于XML外部实体引用限制不当，可能导致任意文件系统读取。

Description (English)

Adobe ColdFusion is a fast-track application development platform for Adobe in the United States. The platform includes an integrated development environment and script language. There is a code gap in Adobe ColdFusion 2025.4, 2023.16, 2021.22 and earlier versions, which stems from inappropriate reference restrictions by an external XML entity and may lead to access to any file system.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

奥多比

Published

2025-12-10

Last Modified

2026-02-24

References

https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html

Patch

https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html