CVE-2025-30289

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0 and earlier ColdFusion versions 2023.12 ColdFusion versions 2021.18

Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as OS Command Injection, which could lead to arbitrary code execution by an attacker. This exploitation does not require user interaction.

Recommendations: For ColdFusion version 2025.0 and earlier, update to a version that addresses the OS Command Injection issue. For ColdFusion version 2023.12, apply the necessary patch or update to resolve the vulnerability. For ColdFusion version 2021.18, consider applying configuration changes or workarounds to mitigate the risk of OS Command Injection until a patch is available.