PT-2025-15651 · Adobe · Coldfusion

Published: 2025-04-08 · Updated: 2025-06-24 · CVE-2025-30281

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0 and earlier; ColdFusion versions 2023.12; ColdFusion versions 2021.18 and earlier
Description: The issue is related to improper access control, which could allow a remote attacker to gain unauthorized access to protected information. This vulnerability may result in arbitrary file system read, enabling an attacker to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.
Recommendations: For ColdFusion versions 2025.0 and earlier, update to a version that addresses the improper access control issue. For ColdFusion versions 2023.12, apply the necessary security patches or updates to resolve the vulnerability. For ColdFusion versions 2021.18 and earlier, consider restricting access to sensitive data and apply security updates as soon as they become available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Access Control

Related Identifiers: BDU:2025-04064, CVE-2025-30281

Affected Products: Coldfusion