CVE-2025-30291: ColdFusion | Information Exposure (CWE-200)

6.2 CVSS

Description

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to gain access to sensitive information which could be used to further compromise the system or bypass security mechanisms. Exploitation of this issue does not require user interaction.

Classification

CVE ID: CVE-2025-30291

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.2

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types

Information Exposure (CWE-200)

Affected Products

Vendor: Adobe

Product: ColdFusion

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 28.19% (scored less or equal to compared to others)

EPSS Date: 2025-04-21 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30291
https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Timeline

2025-04-08 20:40:10 UTC
CVE

ColdFusion | Information Exposure (CWE-200)