ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feat

APPLICATION

18-04-2025 19:11

CVE-2025-30288 Vulnerabilidad documentada

9.1 CRITICAL

Tags

#exploit

#form

#change

#application

#vulnerability

#affected

#improper

#bypass

#security

#privilege

#protect

#pass

#issue

#execute

#attack

#access

#affect

Descripción

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access leverage this to bypass security protections execute code. Exploitation of issue requires user interaction victim must be coerced into performing actions within the application scope is changed.

https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-30288

Resultados similares

Coincidentes en almenos en 50% de los tags

19-04-2025 CVE-2016-9684
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Comm...
Ver información

19-04-2025 CVE-2016-9683
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Comm...
Ver información