CVE-2025-30291: 
Adobe ColdFusion vulnerability analysis and mitigation

An Information Exposure vulnerability (CVE-2025-30291) was identified in Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. The vulnerability was discovered and disclosed on April 8, 2025, and could potentially result in a security feature bypass. This vulnerability affects multiple versions of Adobe ColdFusion software and notably does not require user interaction for exploitation (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while Adobe Systems rated it with a score of 6.2 (MEDIUM) and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability could allow an attacker to gain access to sensitive information which could be used to further compromise the system or bypass security mechanisms. The high confidentiality impact rating in the CVSS score indicates significant potential for unauthorized information disclosure (NVD).

Adobe has released an advisory (APSB25-15) addressing this vulnerability. Users of affected ColdFusion versions should refer to the vendor advisory for detailed mitigation instructions (Adobe Advisory).