virus logo Intrusion Prevention

Adobe.ColdFusion.CVE-2025-49541.XSS

description-logoDescription

This indicates an attack attempt against a Cross Site Scripting vulnerability in Adobe ColdFusion.
The vulnerability is due to insufficient validation of user-supplied inputs. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in the execution of arbitrary script code in the victim's browser.

affected-products-logoAffected Products

Adobe ColdFusion 2025 Update 2
Adobe ColdFusion 2023 Update 14 and earlier versions
Adobe ColdFusion 2021 Update 20 and earlier versions

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/acrobat/apsb25-69.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2025-07-17 33.047
Modified
 Default_action:pass:drop
2025-07-09 33.042
Modified
 Name:Adobe.
ColdFusion.
CVE-2025-43541.
XSS:Adobe.
ColdFusion.
CVE-2025-49541.
XSS
2025-07-08 33.041
New

References

https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html
ID 58399
Created Jul 08, 2025
Updated Jul 16, 2025
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 0.03%
Default Action drop
Active
Affected OS Windows, Linux, MacOS
Affected App Adobe
Profile Type XSS