CVE-2013-0625

9.8 CRITICAL CISA KEV - Actively Exploited
Published: January 09, 2013 Modified: October 22, 2025
View on NVD

Description

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.adobe.com/support/security/advisories/apsa13-01.html
Source: psirt@adobe.com
Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb13-03.html
Source: psirt@adobe.com
Not Applicable
http://www.securityfocus.com/bid/57164
Source: psirt@adobe.com
Broken Link Third Party Advisory VDB Entry
http://www.adobe.com/support/security/advisories/apsa13-01.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb13-03.html
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.securityfocus.com/bid/57164
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0625
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

7 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
86.6%
99th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-09-07

Weaknesses (CWE)

CWE-287 CWE-287

Affected Vendors

apple adobe microsoft opengroup

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3