ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
References
| Link | Resource |
|---|---|
| https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Apr 2025, 16:45
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
22 Apr 2025, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. |
21 Apr 2025, 18:39
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
18 Apr 2025, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction. | |
| CWE |
15 Apr 2025, 14:02
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html - Vendor Advisory | |
| First Time |
Adobe coldfusion
Adobe |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CPE | cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:* cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:* |
|
| CWE | NVD-CWE-noinfo |
08 Apr 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-04-08 20:15
Updated : 2025-04-23 16:45
NVD link : CVE-2025-30282
Mitre link : CVE-2025-30282
JSON object : View
Products Affected
adobe
- coldfusion
CWE