Reflected Cross-Site Scripting Vulnerability in Adobe ColdFusion Products
CVE-2025-30292

6.1MEDIUM

Key Information:

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-30292?

Adobe ColdFusion versions 2023.12, 2021.18, and 2025.0, along with earlier versions, are susceptible to a reflected Cross-Site Scripting (XSS) vulnerability. This flaw allows attackers to potentially execute malicious JavaScript within the victim's browser by tricking them into clicking a specially crafted URL. If successful, this can lead to unauthorized actions being taken on behalf of the user, including the exposure of sensitive information.

Affected Version(s)

ColdFusion 0 <= 2025.0

References

https://helpx.adobe.com/security/products/coldfusion/apsb...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Mar 20, 2025