CVE-2013-0632

CRITICAL KEV

Adobe ColdFusion 9.0-9.0.2, 10 - Unauthenticated Authentication Bypass and Remote Code Execution via RDS Component


Exploitation Summary

CVE-2013-0632 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022. EIP tracks 4 public exploits from researchers including Metasploit and Scott Buckel, among them the Metasploit module exploits/multi/http/coldfusion_rds_auth_bypass.

AI-analyzed exploit summary: This Metasploit module exploits an authentication bypass in Adobe ColdFusion 9 via the RDS component, allowing arbitrary code execution by uploading and executing a CFML payload. It leverages misconfigured or empty RDS passwords to gain administrative access.

Description

administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/30210

This Metasploit module exploits an authentication bypass in Adobe ColdFusion 9 via the RDS component, allowing arbitrary code execution by uploading and executing a CFML payload. It leverages misconfigured or empty RDS passwords to gain administrative access.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10
No auth needed
Prerequisites: Access to the ColdFusion administrative interface · RDS component with empty or misconfigured password
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/24946

This Metasploit module exploits multiple vulnerabilities in Adobe ColdFusion (APSB13-03), including authentication bypass (CVE-2013-0632), directory traversal (CVE-2013-0629), and arbitrary command execution (CVE-2013-0625). It leverages scheduled tasks to drop and execute payloads.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe ColdFusion (versions affected by APSB13-03)
No auth needed
Prerequisites: Network access to ColdFusion administrator interface · ColdFusion server with vulnerable versions
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Scott Buckel · text · webapps · windows
https://www.exploit-db.com/exploits/27755

This exploit bypasses the Adobe ColdFusion 9 administrator login by manipulating the 'rdsPasswordAllowed' parameter, allowing unauthorized access when RDS is disabled. The PoC provides a simple HTML form to trigger the vulnerability.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Adobe ColdFusion 9.0, 9.0.1, 9.0.2
No auth needed
Prerequisites: Access to /CFIDE/adminapi/administrator.cfc · RDS disabled or unconfigured
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
by Scott Buckel · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/coldfusion_rds_auth_bypass.rb

This Metasploit module exploits an authentication bypass in Adobe ColdFusion's RDS component (CVE-2013-0632) by leveraging empty password configurations to gain admin access and execute arbitrary code via a CFML payload dropper.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe ColdFusion 9.0, 9.0.1, 9.0.2, 10
No auth needed
Prerequisites: ColdFusion with RDS component accessible · Empty or misconfigured RDS password
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/30210
Broken Link, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb13-03.html
Mitigation, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/advisories/apsa13-01.html

Scores

CVSS v3 9.8
EPSS 0.9268
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2022-03-03
VulnCheck KEV 2013-01-17
InTheWild.io 2014-01-17
ENISA EUVD EUVD-2013-0643
CWE CWE-276
Status published
Products (4)
adobe/coldfusion 9.0
adobe/coldfusion 9.0.1
adobe/coldfusion 9.0.2
adobe/coldfusion 10.0
Published Jan 17, 2013
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026