CyberSec.Space Logo
Back to CVE Browser

CVE-2013-0625

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score84.8040%
EPSS Percentile88.47th
PublishedJan 9, 2013
Last ModifiedApr 21, 2026

Vulnerability Description

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.

Affected Platforms (CPE)

πŸ“¦
Adobe

Coldfusion

= 9.0
πŸ“¦
Adobe

Coldfusion

= 9.0.1
πŸ“¦
Adobe

Coldfusion

= 9.0.2

References & Advisories

πŸ”— http://www.adobe.com/support/security/advisories/apsa13-01.html
πŸ”— http://www.adobe.com/support/security/bulletins/apsb13-03.html
πŸ”— http://www.securityfocus.com/bid/57164
πŸ”— http://www.adobe.com/support/security/advisories/apsa13-01.html
πŸ”— http://www.adobe.com/support/security/bulletins/apsb13-03.html
πŸ”— http://www.securityfocus.com/bid/57164
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0625

Related Vulnerabilities

CVE-2001-151410.0

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly...

CVE-2010-529010.0

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash...

CVE-1999-076010.0

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional p...

CVE-2013-138910.0

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before U...