Adobe.ColdFusion.CVE-2025-49535.XXE

Description

This indicates an attack attempt to exploit an XML External Entity (XXE) injection vulnerability in Adobe ColdFusion.
A remote authenticated attacker could exploit this vulnerability by sending malicious XML data to the target server. Successful exploitation could result in arbitrary files being read from the system, which may be used to further compromise the system.

Affected Products

Adobe ColdFusion 2025 Update 2
Adobe ColdFusion 2023 Update 14 and earlier versions
Adobe ColdFusion 2021 Update 20 and earlier versions

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/acrobat/apsb25-69.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2025-07-17 33.047 Modified Default_action:pass:drop
2025-07-09 33.042 Modified Name:Adobe.ColdFusion.CVE-2025-43535.XXE:Adobe.ColdFusion.CVE-2025-49535.XXE
2025-07-08 33.041 New