What is the severity of CVE-2025-30292?

CVE-2025-30292 has been classified as a medium severity reflected Cross-Site Scripting (XSS) vulnerability.

How do I fix CVE-2025-30292?

To fix CVE-2025-30292, update Adobe ColdFusion to version 2023.13, 2021.19, or a later version.

What versions of ColdFusion are affected by CVE-2025-30292?

CVE-2025-30292 affects Adobe ColdFusion versions 2023.12, 2021.18, and 2025.0 and earlier.

What kind of attack does CVE-2025-30292 allow?

CVE-2025-30292 allows attackers to execute malicious JavaScript content by convincing victims to visit a specially crafted URL.

What impact can CVE-2025-30292 have on users?

If exploited, CVE-2025-30292 can lead to unauthorized actions being performed on behalf of the user or the theft of sensitive information.

Vulnerability/
CVE-2025-30292

medium

6.1

CWE

8/4/2025

14/4/2025

CVE-2025-30292: ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

First published: Tue Apr 08 2025(Updated: )

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe ColdFusion	<2023.12<2021.18<2025.0
Adobe ColdFusion	=2021
Adobe ColdFusion	=2021-update1
Adobe ColdFusion	=2021-update10
Adobe ColdFusion	=2021-update11
Adobe ColdFusion	=2021-update12
Adobe ColdFusion	=2021-update13
Adobe ColdFusion	=2021-update14
Adobe ColdFusion	=2021-update15
Adobe ColdFusion	=2021-update16
Adobe ColdFusion	=2021-update17
Adobe ColdFusion	=2021-update18
Adobe ColdFusion	=2021-update2
Adobe ColdFusion	=2021-update3
Adobe ColdFusion	=2021-update4
Adobe ColdFusion	=2021-update5
Adobe ColdFusion	=2021-update6
Adobe ColdFusion	=2021-update7
Adobe ColdFusion	=2021-update8
Adobe ColdFusion	=2021-update9
Adobe ColdFusion	=2023
Adobe ColdFusion	=2023-update1
Adobe ColdFusion	=2023-update10
Adobe ColdFusion	=2023-update11
Adobe ColdFusion	=2023-update12
Adobe ColdFusion	=2023-update2
Adobe ColdFusion	=2023-update3
Adobe ColdFusion	=2023-update4
Adobe ColdFusion	=2023-update5
Adobe ColdFusion	=2023-update6
Adobe ColdFusion	=2023-update7
Adobe ColdFusion	=2023-update8
Adobe ColdFusion	=2023-update9
Adobe ColdFusion	=2025

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Frequently Asked Questions

What is the severity of CVE-2025-30292?
CVE-2025-30292 has been classified as a medium severity reflected Cross-Site Scripting (XSS) vulnerability.
How do I fix CVE-2025-30292?
To fix CVE-2025-30292, update Adobe ColdFusion to version 2023.13, 2021.19, or a later version.
What versions of ColdFusion are affected by CVE-2025-30292?
CVE-2025-30292 affects Adobe ColdFusion versions 2023.12, 2021.18, and 2025.0 and earlier.
What kind of attack does CVE-2025-30292 allow?
CVE-2025-30292 allows attackers to execute malicious JavaScript content by convincing victims to visit a specially crafted URL.
What impact can CVE-2025-30292 have on users?
If exploited, CVE-2025-30292 can lead to unauthorized actions being performed on behalf of the user or the theft of sensitive information.

agent/weakness
agent/references
agent/first-publish-date
agent/title
agent/type
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
agent/author
agent/source
agent/severity
agent/event
agent/tags
agent/last-modified-date
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/2021
version/adobe coldfusion/2021-update1
version/adobe coldfusion/2021-update10
version/adobe coldfusion/2021-update11
version/adobe coldfusion/2021-update12
version/adobe coldfusion/2021-update13
version/adobe coldfusion/2021-update14
version/adobe coldfusion/2021-update15
version/adobe coldfusion/2021-update16
version/adobe coldfusion/2021-update17
version/adobe coldfusion/2021-update18
version/adobe coldfusion/2021-update2
version/adobe coldfusion/2021-update3
version/adobe coldfusion/2021-update4
version/adobe coldfusion/2021-update5
version/adobe coldfusion/2021-update6
version/adobe coldfusion/2021-update7
version/adobe coldfusion/2021-update8
version/adobe coldfusion/2021-update9
version/adobe coldfusion/2023
version/adobe coldfusion/2023-update1
version/adobe coldfusion/2023-update10
version/adobe coldfusion/2023-update11
version/adobe coldfusion/2023-update12
version/adobe coldfusion/2023-update2
version/adobe coldfusion/2023-update3
version/adobe coldfusion/2023-update4
version/adobe coldfusion/2023-update5
version/adobe coldfusion/2023-update6
version/adobe coldfusion/2023-update7
version/adobe coldfusion/2023-update8
version/adobe coldfusion/2023-update9
version/adobe coldfusion/2025