What is the vulnerability of CVE-2025-30289?

CVE-2025-30289 is an OS Command Injection vulnerability in ColdFusion that can lead to arbitrary code execution.

What versions of ColdFusion are affected by CVE-2025-30289?

CVE-2025-30289 affects ColdFusion versions 2023.12, 2021.18, and 2025.0 and earlier.

What are the potential risks of exploiting CVE-2025-30289?

Exploitation of CVE-2025-30289 can result in arbitrary code execution, allowing attackers to execute harmful commands on the server.

How can I mitigate the risk of CVE-2025-30289?

To mitigate CVE-2025-30289, upgrade to a patched version of ColdFusion that addresses this vulnerability.

Is authentication required to exploit CVE-2025-30289?

Exploiting CVE-2025-30289 does not require authentication, making it a critical security concern.

Vulnerability/
CVE-2025-30289

high

8.2

CWE

78 77

8/4/2025

24/4/2025

CVE-2025-30289: ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

First published: Tue Apr 08 2025(Updated: )

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application. Scope is changed.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe ColdFusion	<2023.12
Adobe ColdFusion	=2021
Adobe ColdFusion	=2021-update1
Adobe ColdFusion	=2021-update10
Adobe ColdFusion	=2021-update11
Adobe ColdFusion	=2021-update12
Adobe ColdFusion	=2021-update13
Adobe ColdFusion	=2021-update14
Adobe ColdFusion	=2021-update15
Adobe ColdFusion	=2021-update16
Adobe ColdFusion	=2021-update17
Adobe ColdFusion	=2021-update18
Adobe ColdFusion	=2021-update2
Adobe ColdFusion	=2021-update3
Adobe ColdFusion	=2021-update4
Adobe ColdFusion	=2021-update5
Adobe ColdFusion	=2021-update6
Adobe ColdFusion	=2021-update7
Adobe ColdFusion	=2021-update8
Adobe ColdFusion	=2021-update9
Adobe ColdFusion	=2023
Adobe ColdFusion	=2023-update1
Adobe ColdFusion	=2023-update10
Adobe ColdFusion	=2023-update11
Adobe ColdFusion	=2023-update12
Adobe ColdFusion	=2023-update2
Adobe ColdFusion	=2023-update3
Adobe ColdFusion	=2023-update4
Adobe ColdFusion	=2023-update5
Adobe ColdFusion	=2023-update6
Adobe ColdFusion	=2023-update7
Adobe ColdFusion	=2023-update8
Adobe ColdFusion	=2023-update9
Adobe ColdFusion	=2025

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Frequently Asked Questions

What is the vulnerability of CVE-2025-30289?
CVE-2025-30289 is an OS Command Injection vulnerability in ColdFusion that can lead to arbitrary code execution.
What versions of ColdFusion are affected by CVE-2025-30289?
CVE-2025-30289 affects ColdFusion versions 2023.12, 2021.18, and 2025.0 and earlier.
What are the potential risks of exploiting CVE-2025-30289?
Exploitation of CVE-2025-30289 can result in arbitrary code execution, allowing attackers to execute harmful commands on the server.
How can I mitigate the risk of CVE-2025-30289?
To mitigate CVE-2025-30289, upgrade to a patched version of ColdFusion that addresses this vulnerability.
Is authentication required to exploit CVE-2025-30289?
Exploiting CVE-2025-30289 does not require authentication, making it a critical security concern.

agent/weakness
agent/references
agent/first-publish-date
agent/title
agent/type
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
agent/author
agent/source
agent/severity
agent/event
agent/tags
agent/last-modified-date
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/2021
version/adobe coldfusion/2021-update1
version/adobe coldfusion/2021-update10
version/adobe coldfusion/2021-update11
version/adobe coldfusion/2021-update12
version/adobe coldfusion/2021-update13
version/adobe coldfusion/2021-update14
version/adobe coldfusion/2021-update15
version/adobe coldfusion/2021-update16
version/adobe coldfusion/2021-update17
version/adobe coldfusion/2021-update18
version/adobe coldfusion/2021-update2
version/adobe coldfusion/2021-update3
version/adobe coldfusion/2021-update4
version/adobe coldfusion/2021-update5
version/adobe coldfusion/2021-update6
version/adobe coldfusion/2021-update7
version/adobe coldfusion/2021-update8
version/adobe coldfusion/2021-update9
version/adobe coldfusion/2023
version/adobe coldfusion/2023-update1
version/adobe coldfusion/2023-update10
version/adobe coldfusion/2023-update11
version/adobe coldfusion/2023-update12
version/adobe coldfusion/2023-update2
version/adobe coldfusion/2023-update3
version/adobe coldfusion/2023-update4
version/adobe coldfusion/2023-update5
version/adobe coldfusion/2023-update6
version/adobe coldfusion/2023-update7
version/adobe coldfusion/2023-update8
version/adobe coldfusion/2023-update9
version/adobe coldfusion/2025