CVE-2025-30288: 
Adobe ColdFusion vulnerability analysis and mitigation

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability (CVE-2025-30288) that could result in a Security feature bypass. The vulnerability was disclosed on April 8, 2025, and received a CVSS v3.1 base score of 7.8 (High) from Adobe Systems Incorporated (NVD, Hacker News).

The vulnerability is classified as an Improper Access Control issue (CWE-284) that could enable security feature bypass. The CVSS v3.1 vector string is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating that exploitation requires local access, high attack complexity, and low privileges, but no user interaction. The vulnerability affects multiple versions of Adobe ColdFusion, including the 2021, 2023, and 2025 release lines (NVD).

If successfully exploited, an attacker could bypass security measures and gain unauthorized access to the system. The vulnerability has received high severity ratings due to its potential impact on confidentiality, integrity, and availability of the affected systems (NVD).

Adobe has released security updates to address this vulnerability. Users should upgrade to ColdFusion 2021 Update 19, ColdFusion 2023 Update 13, or ColdFusion 2025 Update 1, depending on their installed version (Hacker News).