ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.
| Балл | 8.4 — высокая |
| Вектор | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |