腾讯网

高危Lucee漏洞:通过计划任务滥用实现认证RCE,Metasploit模块已公开

高性能开源CFML(ColdFusion Markup Language)应用服务器Lucee近日曝出严重安全漏洞。该漏洞编号为CVE-2025-34074,CVSS评分高达9.4,允许已认证管理员通过滥用Lucee计划任务功能执行任意远程代码。 漏洞技术细节 Lucee凭借对Java集成、HTTP、ORM和动态脚本的支持,被开发者 ...
Ars Technica

Vulnerabilities in Adobe ColdFusion and Citrix NetScaler are under active exploitation

The exploited code-execution flaws are the kind coveted by ransomware and nation-state hackers. As someone who used ColdFusion for years, I’m not in the ‘why ...