PT-2025-15660 · Adobe · Coldfusion
Published
2025-04-08
·
Updated
2025-04-09
·
CVE-2025-30291
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
ColdFusion versions 2023.12 and earlier
ColdFusion version 2021.18 and earlier
ColdFusion version 2025.0 and earlier
Description:
The issue is an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to gain access to sensitive information, which could be used to further compromise the system or bypass security mechanisms. Exploitation of this issue does not require user interaction.
Recommendations:
For ColdFusion versions 2023.12 and earlier, update to a version that contains a fix for this issue.
For ColdFusion version 2021.18 and earlier, update to a version that contains a fix for this issue.
For ColdFusion version 2025.0 and earlier, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to sensitive information and security mechanisms to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Coldfusion