Improper Input Validation in ColdFusion Affects Adobe Products
CVE-2025-30294
6.8MEDIUM
Summary
ColdFusion versions 2023.12, 2021.18, and 2025.0 and earlier are affected by an improper input validation vulnerability. This flaw may allow attackers to circumvent established security features, enabling unauthorized access to sensitive information. Successful exploitation necessitates user interaction, as a victim must open a specially crafted file to trigger the vulnerability. It is crucial for users to remain vigilant and ensure that best practices are followed to mitigate potential risks.
Affected Version(s)
ColdFusion 0 <= 2025.0
References
CVSS V3.1
Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved