← back
CVE-2025-30282

ColdFusion | Improper Authentication (CWE-287)

CVSS 9.1 CRITICALEPSS 1.4%CWE-287
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.1EPSS 1.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
08 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
Adobe · ColdFusion

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html