CVE-2025-30288Improper Access Control in Adobe Coldfusion

CWE-284Improper Access Control3 documents3 sources
Severity
8.2HIGHNVD
EPSS
0.1%
top 76.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedApr 8

Description

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

CVEListV5adobe/coldfusion2025.0
NVDadobe/coldfusion2021, 2023, 2025+2

🔴Vulnerability Details

2
GHSA
GHSA-j72q-qc2x-rq8g: ColdFusion versions 20232025-04-08
CVEList
ColdFusion | Improper Access Control (CWE-284)2025-04-08
CVE-2025-30288 — Improper Access Control in Adobe | cvebase