CVE-2013-0625

CRITICAL KEV

Adobe ColdFusion <9.0.2 - Auth Bypass

Title source: llm

Description

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.

Exploits (1)

exploitdb WORKING POC

rubyremotemultiple

https://www.exploit-db.com/exploits/24946

View on exploitdb

References (4)

[Vendor Advisory] http://www.adobe.com/support/security/advisories/apsa13-01.html

[Not Applicable] http://www.adobe.com/support/security/bulletins/apsb13-03.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/57164

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0625

Scores

CVSS v3 9.8

EPSS 0.7808

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-03-07

VulnCheck KEV 2013-01-09

InTheWild.io 2013-01-18

ENISA EUVD EUVD-2013-0636

Classification

CWE

CWE-287

Status draft

Affected Products (3)

adobe/coldfusion

Timeline

Published Jan 09, 2013

KEV Added Mar 07, 2022

Tracked Since Feb 18, 2026