CVE-2025-30287

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier

Description: The issue is related to an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass authentication mechanisms and execute code with the privileges of the authenticated user. Exploitation of this issue requires user interaction, where a victim must be coerced into performing actions within the application.

Recommendations: For ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier, update to a version that includes a fix for this issue to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.