What is the severity of CVE-2025-30286?

CVE-2025-30286 has a high severity rating due to its potential for arbitrary code execution.

How do I fix CVE-2025-30286?

To mitigate CVE-2025-30286, update Adobe ColdFusion to version 2025.1 or later.

What versions of ColdFusion are affected by CVE-2025-30286?

CVE-2025-30286 affects ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier.

What type of vulnerability is CVE-2025-30286?

CVE-2025-30286 is classified as an OS Command Injection vulnerability.

Can CVE-2025-30286 be exploited remotely?

Yes, CVE-2025-30286 can be exploited remotely by an attacker with no authentication required.

Vulnerability/
CVE-2025-30286

high

8.4

CWE

78 77

8/4/2025

21/4/2025

CVE-2025-30286: ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

First published: Tue Apr 08 2025(Updated: )

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe ColdFusion	<2023.12
Adobe ColdFusion	=2021
Adobe ColdFusion	=2021-update1
Adobe ColdFusion	=2021-update10
Adobe ColdFusion	=2021-update11
Adobe ColdFusion	=2021-update12
Adobe ColdFusion	=2021-update13
Adobe ColdFusion	=2021-update14
Adobe ColdFusion	=2021-update15
Adobe ColdFusion	=2021-update16
Adobe ColdFusion	=2021-update17
Adobe ColdFusion	=2021-update18
Adobe ColdFusion	=2021-update2
Adobe ColdFusion	=2021-update3
Adobe ColdFusion	=2021-update4
Adobe ColdFusion	=2021-update5
Adobe ColdFusion	=2021-update6
Adobe ColdFusion	=2021-update7
Adobe ColdFusion	=2021-update8
Adobe ColdFusion	=2021-update9
Adobe ColdFusion	=2023
Adobe ColdFusion	=2023-update1
Adobe ColdFusion	=2023-update10
Adobe ColdFusion	=2023-update11
Adobe ColdFusion	=2023-update12
Adobe ColdFusion	=2023-update2
Adobe ColdFusion	=2023-update3
Adobe ColdFusion	=2023-update4
Adobe ColdFusion	=2023-update5
Adobe ColdFusion	=2023-update6
Adobe ColdFusion	=2023-update7
Adobe ColdFusion	=2023-update8
Adobe ColdFusion	=2023-update9
Adobe ColdFusion	=2025

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Frequently Asked Questions

What is the severity of CVE-2025-30286?
CVE-2025-30286 has a high severity rating due to its potential for arbitrary code execution.
How do I fix CVE-2025-30286?
To mitigate CVE-2025-30286, update Adobe ColdFusion to version 2025.1 or later.
What versions of ColdFusion are affected by CVE-2025-30286?
CVE-2025-30286 affects ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier.
What type of vulnerability is CVE-2025-30286?
CVE-2025-30286 is classified as an OS Command Injection vulnerability.
Can CVE-2025-30286 be exploited remotely?
Yes, CVE-2025-30286 can be exploited remotely by an attacker with no authentication required.

agent/title
agent/weakness
agent/references
agent/first-publish-date
agent/type
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
agent/author
agent/source
agent/severity
agent/event
agent/tags
agent/last-modified-date
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/2021
version/adobe coldfusion/2021-update1
version/adobe coldfusion/2021-update10
version/adobe coldfusion/2021-update11
version/adobe coldfusion/2021-update12
version/adobe coldfusion/2021-update13
version/adobe coldfusion/2021-update14
version/adobe coldfusion/2021-update15
version/adobe coldfusion/2021-update16
version/adobe coldfusion/2021-update17
version/adobe coldfusion/2021-update18
version/adobe coldfusion/2021-update2
version/adobe coldfusion/2021-update3
version/adobe coldfusion/2021-update4
version/adobe coldfusion/2021-update5
version/adobe coldfusion/2021-update6
version/adobe coldfusion/2021-update7
version/adobe coldfusion/2021-update8
version/adobe coldfusion/2021-update9
version/adobe coldfusion/2023
version/adobe coldfusion/2023-update1
version/adobe coldfusion/2023-update10
version/adobe coldfusion/2023-update11
version/adobe coldfusion/2023-update12
version/adobe coldfusion/2023-update2
version/adobe coldfusion/2023-update3
version/adobe coldfusion/2023-update4
version/adobe coldfusion/2023-update5
version/adobe coldfusion/2023-update6
version/adobe coldfusion/2023-update7
version/adobe coldfusion/2023-update8
version/adobe coldfusion/2023-update9
version/adobe coldfusion/2025