Vulnerability Details CVE-2025-30287
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.3%
CVSS Severity
CVSS v3 Score 8.2
Products affected by CVE-2025-30287
-
cpe:2.3:a:adobe:coldfusion:2021
-
cpe:2.3:a:adobe:coldfusion:2023
-
cpe:2.3:a:adobe:coldfusion:2025