CVE-2025-61810
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerabili
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this vulnerability by providing maliciously crafted serialized data to the application. Exploitation of this issue requires user interaction and scope is changed.
HIGH · CVSS 8.4
EPSS 0.08379
Schedule remediation
- EPSS percentile: top 8% of all CVEs by exploitation likelihood
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0