CVE-2025-30293

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0 and earlier ColdFusion versions 2023.12 ColdFusion versions 2021.18

Description: The issue is related to an Improper Input Validation that could result in a security feature bypass. An attacker could leverage this to bypass security measures and gain unauthorized access. Exploitation requires user interaction, where a victim must open a malicious file.

Recommendations: For ColdFusion versions 2025.0 and earlier, update to a version that includes the security fix. For ColdFusion version 2023.12, apply the necessary security patch to resolve the issue. For ColdFusion version 2021.18, consider applying additional security measures to mitigate the risk of exploitation until a patch is available.