CVE-2025-30285

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed.

CVSS v3.0 8.4 HIGH

8.4^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:coldfusion:2021:-::::::
	cpe:2.3:a:adobe:coldfusion:2021:update1::::::
	cpe:2.3:a:adobe:coldfusion:2021:update2::::::
	cpe:2.3:a:adobe:coldfusion:2021:update3::::::
	cpe:2.3:a:adobe:coldfusion:2021:update4::::::
	cpe:2.3:a:adobe:coldfusion:2021:update5::::::
	cpe:2.3:a:adobe:coldfusion:2021:update10::::::
	cpe:2.3:a:adobe:coldfusion:2021:update11::::::
	cpe:2.3:a:adobe:coldfusion:2021:update6::::::
	cpe:2.3:a:adobe:coldfusion:2021:update7::::::
	cpe:2.3:a:adobe:coldfusion:2021:update8::::::
	cpe:2.3:a:adobe:coldfusion:2021:update9::::::
	cpe:2.3:a:adobe:coldfusion:2023:-::::::
	cpe:2.3:a:adobe:coldfusion:2023:update1::::::
	cpe:2.3:a:adobe:coldfusion:2023:update2::::::
	cpe:2.3:a:adobe:coldfusion:2023:update3::::::
	cpe:2.3:a:adobe:coldfusion:2023:update4::::::
	cpe:2.3:a:adobe:coldfusion:2023:update5::::::
	cpe:2.3:a:adobe:coldfusion:2021:update12::::::
	cpe:2.3:a:adobe:coldfusion:2021:update13::::::
	cpe:2.3:a:adobe:coldfusion:2021:update14::::::
	cpe:2.3:a:adobe:coldfusion:2021:update15::::::
	cpe:2.3:a:adobe:coldfusion:2021:update16::::::
	cpe:2.3:a:adobe:coldfusion:2021:update17::::::
	cpe:2.3:a:adobe:coldfusion:2021:update18::::::
	cpe:2.3:a:adobe:coldfusion:2023:update10::::::
	cpe:2.3:a:adobe:coldfusion:2023:update11::::::
	cpe:2.3:a:adobe:coldfusion:2023:update12::::::
	cpe:2.3:a:adobe:coldfusion:2023:update6::::::
	cpe:2.3:a:adobe:coldfusion:2023:update7::::::
	cpe:2.3:a:adobe:coldfusion:2023:update8::::::
	cpe:2.3:a:adobe:coldfusion:2023:update9::::::
	cpe:2.3:a:adobe:coldfusion:2025:-::::::

History

18 Apr 2025, 18:15

Type	Values Removed	Values Added
Summary	ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed.
CWE	~~CWE-502~~
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 8.4

15 Apr 2025, 20:02

Type	Values Removed	Values Added
First Time		Adobe coldfusion Adobe
References	~~() https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html -~~	() https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~8.0~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:a:adobe:coldfusion:2021:update5:::::: cpe:2.3:a:adobe:coldfusion:2023:update3:::::: cpe:2.3:a:adobe:coldfusion:2023:update8:::::: cpe:2.3:a:adobe:coldfusion:2023:update7:::::: cpe:2.3:a:adobe:coldfusion:2025:-:::::: cpe:2.3:a:adobe:coldfusion:2021:update11:::::: cpe:2.3:a:adobe:coldfusion:2021:update8:::::: cpe:2.3:a:adobe:coldfusion:2023:-:::::: cpe:2.3:a:adobe:coldfusion:2021:update14:::::: cpe:2.3:a:adobe:coldfusion:2023:update1:::::: cpe:2.3:a:adobe:coldfusion:2023:update9:::::: cpe:2.3:a:adobe:coldfusion:2023:update5:::::: cpe:2.3:a:adobe:coldfusion:2021:update2:::::: cpe:2.3:a:adobe:coldfusion:2021:update6:::::: cpe:2.3:a:adobe:coldfusion:2023:update4:::::: cpe:2.3:a:adobe:coldfusion:2021:update16:::::: cpe:2.3:a:adobe:coldfusion:2021:update18:::::: cpe:2.3:a:adobe:coldfusion:2021:update15:::::: cpe:2.3:a:adobe:coldfusion:2021:update17:::::: cpe:2.3:a:adobe:coldfusion:2021:update10:::::: cpe:2.3:a:adobe:coldfusion:2023:update12:::::: cpe:2.3:a:adobe:coldfusion:2023:update11:::::: cpe:2.3:a:adobe:coldfusion:2021:update12:::::: cpe:2.3:a:adobe:coldfusion:2021:update9:::::: cpe:2.3:a:adobe:coldfusion:2021:update7:::::: cpe:2.3:a:adobe:coldfusion:2023:update10:::::: cpe:2.3:a:adobe:coldfusion:2021:update1:::::: cpe:2.3:a:adobe:coldfusion:2021:update3:::::: cpe:2.3:a:adobe:coldfusion:2021:update4:::::: cpe:2.3:a:adobe:coldfusion:2023:update6:::::: cpe:2.3:a:adobe:coldfusion:2023:update2:::::: cpe:2.3:a:adobe:coldfusion:2021:update13:::::: cpe:2.3:a:adobe:coldfusion:2021:-::::::

08 Apr 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-08 20:15

Updated : 2025-04-21 18:38

NVD link : CVE-2025-30285

Mitre link : CVE-2025-30285

JSON object : View

Products Affected

adobe

coldfusion

CWE

No CWE.

8.4 /10