CVE-2025-30282

Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 2025.0, 2023.12, 2021.18 and earlier

Description: The issue is related to an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass authentication mechanisms and execute code with the privileges of the authenticated user. Exploitation of this issue requires user interaction, where a victim must be coerced into performing actions within the application.

Recommendations: For Adobe ColdFusion versions 2025.0, 2023.12, 2021.18 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.