CVE-2025-30291 MEDIUM

CVE-2025-30291: ColdFusion | Information Exposure (CWE-200)

Vendor Adobe

Product ColdFusion

Weakness CWE-200 · Info exposure

Published April 8, 2025

Last update April 18, 2025

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. A low privileged attacker with local access could leverage this vulnerability to gain access to sensitive information which could be used to further compromise the system or bypass security mechanisms. Exploitation of this issue does not require user interaction.

Key dates

02Disclosure timeline

April 8, 2025 CVE published

April 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-30291 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2025-30291: ColdFusion | Information Exposure (CWE-200)

01Description

02Disclosure timeline

03References

04Related CVE