CVE-2025-30281: ColdFusion | Improper Access Control (CWE-284)
First published: Tue Apr 08 2025(Updated: )
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe ColdFusion | <2023.12<2021.18<2025.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-30281?
CVE-2025-30281 has a high severity rating due to the potential for unauthorized access to sensitive data.
How do I fix CVE-2025-30281?
To fix CVE-2025-30281, update Adobe ColdFusion to the latest version released after 2023.12, 2021.18, and 2025.0.
What versions of ColdFusion are affected by CVE-2025-30281?
CVE-2025-30281 affects Adobe ColdFusion versions 2023.12, 2021.18, and 2025.0 and earlier.
What type of vulnerability is CVE-2025-30281?
CVE-2025-30281 is classified as an Improper Access Control vulnerability.
What could happen if CVE-2025-30281 is exploited?
If exploited, CVE-2025-30281 could allow an attacker to access or modify sensitive data without proper authorization.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/title
- agent/type
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/source
- agent/severity
- agent/tags
- agent/event
- vendor/adobe
- canonical/adobe coldfusion