CVE-2025-64898

CVE Database · CVE-2025-64898

CVE-2025-64898

· MEDIUMAnalyzed

CVSS v3.1

4.3

EPSS

0.32%

Published

Dec 9, 2025

Modified

Dec 12, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized access by exploiting improperly stored or transmitted credentials. Exploitation of this issue does not require user interaction.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-522

Affected Products (45)

adobe · coldfusionvulnerable

· coldfusion

References (1)

https://helpx.adobe.com/security/products/coldfusion/apsb25-105.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs

adobe · coldfusionvulnerable