{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-30294", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2025-03-20T17:36:17.301Z", "datePublished": "2025-04-08T20:02:57.132Z", "dateUpdated": "2025-04-22T21:46:21.017Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "2025.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2025-04-08T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized read access. Exploitation of this issue does not require user interaction and scope is changed."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 6.8, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "HIGH", "modifiedScope": "CHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 6.8, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2025-04-22T21:46:21.017Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html"}], "source": {"discovery": "EXTERNAL"}, "title": "ColdFusion | Improper Input Validation (CWE-20)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30294", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-08T20:29:29.394712Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T20:41:33.297Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30294", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-08T20:29:29.394712Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T20:32:46.548Z"}}], "cna": {"title": "ColdFusion | Improper Input Validation (CWE-20)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "modifiedScope": "CHANGED", "temporalScore": 6.8, "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "MEDIUM", "availabilityImpact": "NONE", "environmentalScore": 6.8, "privilegesRequired": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NETWORK", "confidentialityImpact": "HIGH", "environmentalSeverity": "MEDIUM", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "NONE", "modifiedUserInteraction": "NONE", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "NONE", "modifiedPrivilegesRequired": "HIGH", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "ColdFusion", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2025.0"}], "defaultStatus": "affected"}], "datePublic": "2025-04-08T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized read access. Exploitation of this issue does not require user interaction and scope is changed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2025-04-22T21:46:21.017Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30294", "state": "PUBLISHED", "dateUpdated": "2025-04-22T21:46:21.017Z", "dateReserved": "2025-03-20T17:36:17.301Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2025-04-08T20:02:57.132Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*", "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*", "matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*", "matchCriteriaId": "F1FC7D1D-6DD2-48B2-980F-B001B0F24473", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*", "matchCriteriaId": "1FA19E1D-61C2-4640-AF06-4BCFE750BDF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*", "matchCriteriaId": "3F331DEA-F3D0-4B13-AB1E-6FE39B2BB55D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*", "matchCriteriaId": "63D5CF84-4B0D-48AE-95D6-262AEA2FFDE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*", "matchCriteriaId": "10616A3A-0C1C-474A-BD7D-A2A5BB870F74", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*", "matchCriteriaId": "D7DA523E-1D9B-45FD-94D9-D4F9F2B9296B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*", "matchCriteriaId": "151AFF8B-F05C-4D27-85FC-DF88E9C11BEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*", "matchCriteriaId": "53A0E245-2915-4DFF-AFB5-A12F5C435702", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*", "matchCriteriaId": "C5653D18-7534-48A3-819F-9F049A418F99", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*", "matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*", "matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*", "matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*", "matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*", "matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*", "matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*", "matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*", "matchCriteriaId": "CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*", "matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*", "matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*", "matchCriteriaId": "645D1B5F-2DAB-4AB8-A465-AC37FF494F95", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*", "matchCriteriaId": "ED6D8996-0770-4C9F-BEA5-87EA479D40A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*", "matchCriteriaId": "4836086E-3D4A-4A07-A372-382D385CB490", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*", "matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*", "matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*", "matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*", "matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*", "matchCriteriaId": "E3A83642-BF14-4C37-BD94-FA76AABE8ADC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*", "matchCriteriaId": "A892E1DC-F2C8-4F53-8580-A2D1BEED5A25", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*", "matchCriteriaId": "DB97ADBA-C1A9-4EE0-9509-68CB12358AE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*", "matchCriteriaId": "E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*", "matchCriteriaId": "30779417-D4E5-4A01-BE0E-1CE1D134292A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized read access. Exploitation of this issue does not require user interaction and scope is changed."}, {"lang": "es", "value": "Las versiones 2023.12, 2021.18, 2025.0 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. Para explotar este problema, la v\u00edctima debe abrir un archivo malicioso."}], "id": "CVE-2025-30294", "lastModified": "2025-04-23T16:44:53.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "psirt@adobe.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2025-04-08T20:15:27.527", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@adobe.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}