CVE-2024-53961

CVE Database · CVE-2024-53961

CVE-2024-53961

· HIGHAnalyzed

CVSS v3.1

8.1

EPSS

13.40%

Published

Dec 23, 2024

Modified

Apr 16, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data. Exploitation of this issue requires the admin panel be exposed to the internet.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-22

Affected Products (30)

adobe · coldfusionvulnerable

· coldfusion

References (1)

https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs