What is the CVSS score of CVE-2025-49536?

CVE-2025-49536 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Coldfusion are affected by CVE-2025-49536?

CVE-2025-49536 presents moderate security risk, a incorrect authorization vulnerability rated CVSS 7.3.

How to fix or mitigate CVE-2025-49536?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Coldfusion CVE-2025-49536

EUVD-2025-20702 HIGH

Incorrect Authorization (CWE-863)

2025-07-08 psirt@adobe.com

Authentication Bypass Coldfusion

7.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.3 HIGH

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 04:21 euvd

EUVD-2025-20702

Analysis Generated

Mar 16, 2026 - 04:21 vuln.today

CVE Published

Jul 08, 2025 - 21:15 nvd

HIGH 7.3

DescriptionCVE.org

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses.

Analysis

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2025-49536 vulnerability details – vuln.today

Back