CVE-2025-49540 Information
Jul 09, 2025
cve
Description
ColdFusion versions 2025.2 2023.14 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field scope is changed. The vulnerable component is restricted to internal IP addresses.
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Reference
https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
4.3
Related CNNVD
CNNVD-202507-1181 (Published: 2025-07-08)
Share on: