CVE-2025-30287

EPSS 0.02%
Veröffentlicht 08.04.2025 20:15:26
Zuletzt bearbeitet 21.04.2025 18:37:56
Quelle psirt@adobe.com
Teams Watchlist Login
Unerledigt Login

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version2021 Update-

Adobe ≫ Coldfusion Version2021 Updateupdate1

Adobe ≫ Coldfusion Version2021 Updateupdate10

Adobe ≫ Coldfusion Version2021 Updateupdate11

Adobe ≫ Coldfusion Version2021 Updateupdate12

Adobe ≫ Coldfusion Version2021 Updateupdate13

Adobe ≫ Coldfusion Version2021 Updateupdate14

Adobe ≫ Coldfusion Version2021 Updateupdate15

Adobe ≫ Coldfusion Version2021 Updateupdate16

Adobe ≫ Coldfusion Version2021 Updateupdate17

Adobe ≫ Coldfusion Version2021 Updateupdate18

Adobe ≫ Coldfusion Version2021 Updateupdate2

Adobe ≫ Coldfusion Version2021 Updateupdate3

Adobe ≫ Coldfusion Version2021 Updateupdate4

Adobe ≫ Coldfusion Version2021 Updateupdate5

Adobe ≫ Coldfusion Version2021 Updateupdate6

Adobe ≫ Coldfusion Version2021 Updateupdate7

Adobe ≫ Coldfusion Version2021 Updateupdate8

Adobe ≫ Coldfusion Version2021 Updateupdate9

Adobe ≫ Coldfusion Version2023 Update-

Adobe ≫ Coldfusion Version2023 Updateupdate1

Adobe ≫ Coldfusion Version2023 Updateupdate10

Adobe ≫ Coldfusion Version2023 Updateupdate11

Adobe ≫ Coldfusion Version2023 Updateupdate12

Adobe ≫ Coldfusion Version2023 Updateupdate2

Adobe ≫ Coldfusion Version2023 Updateupdate3

Adobe ≫ Coldfusion Version2023 Updateupdate4

Adobe ≫ Coldfusion Version2023 Updateupdate5

Adobe ≫ Coldfusion Version2023 Updateupdate6

Adobe ≫ Coldfusion Version2023 Updateupdate7

Adobe ≫ Coldfusion Version2023 Updateupdate8

Adobe ≫ Coldfusion Version2023 Updateupdate9

Adobe ≫ Coldfusion Version2025 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.046

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
psirt@adobe.com	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-30287

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-30287

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-30287

EUVD