How severe is CVE-2025-43566?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2025-43566?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2025-43566 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized read access. Exploitation of this issue does not require user interaction and scope is changed.

Related Vulnerabilities

CVE-2016-2933

MEDIUM

CVSS:6.8(Medium)

Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.

CWE-222016

CVE-2016-6614

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user ...

CWE-222016

CVE-2017-15527

MEDIUM

CVSS:6.8(Medium)

Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sa...

CWE-222017

CVE-2018-9445

MEDIUM

CVSS:6.8(Medium)

In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution ...

CWE-222018

CVE-2019-19848

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerab...

CWE-222019

CVE-2019-4674

MEDIUM

CVSS:6.8(Medium)

IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to...

CWE-222019