CVE-2025-30281

Critical CVSS 9.1

Overview

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed.

CWE: CWE-284 Published: 2025-04-08T20:15:25.670

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.1 (CRITICAL)
Detected tags: misconfiguration, rce (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags