CVE-2025-30290

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0 and earlier ColdFusion versions 2023.12 ColdFusion versions 2021.18

Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which could lead to a security feature bypass. An attacker could exploit this to access files and directories stored outside the intended restricted directory. Exploitation requires user interaction.

Recommendations: For ColdFusion version 2025.0 and earlier, update to a version that addresses the 'Path Traversal' vulnerability. For ColdFusion version 2023.12, update to a version that addresses the 'Path Traversal' vulnerability. For ColdFusion version 2021.18, update to a version that addresses the 'Path Traversal' vulnerability.