Improper Input Validation in ColdFusion by Adobe
CVE-2025-30293
6.8MEDIUM
Summary
Adobe ColdFusion is affected by an Improper Input Validation vulnerability present in versions 2023.12, 2021.18, and 2025.0, along with earlier releases. This security flaw could allow an attacker to bypass security features, leading to unauthorized access. Exploitation of this vulnerability necessitates user interaction, as the victim must open a specific malicious file. Consequently, it poses a significant concern for users who may unknowingly compromise their security.
Affected Version(s)
ColdFusion 0 <= 2025.0
References
CVSS V3.1
Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved