CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-30289

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application. Scope is changed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.6%

CVSS Severity

CVSS v3 Score 8.2

References

https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Products affected by CVE-2025-30289

Adobe » Coldfusion » Version: 2021

cpe:2.3:a:adobe:coldfusion:2021
Adobe » Coldfusion » Version: 2023

cpe:2.3:a:adobe:coldfusion:2023
Adobe » Coldfusion » Version: 2025

cpe:2.3:a:adobe:coldfusion:2025

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-30289

Products

Pricing

Contact Us