CVE-2025-30290 · HIGH 8.7 · EPSS p95.6%

Description

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to bypass security protections and gain unauthorized write and delete access. Exploitation of this issue does not require user interaction and scope is changed.

Scoring

CVSS 3.1: 8.7 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
EPSS: 12.11% probability of exploitation · percentile 95.6% · 2026-06-18T12:00:27Z
Published: 2025-04-08
Last modified: 2025-05-12

Underlying weaknesses · 1

CWE-22

References

  1. https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

Type | Target | Confidence | Tier
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') cwe-22 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-27305
CVE-2026-47932
CVE-2025-54261
CVE-2025-30288
CVE-2025-30281
CVE-2025-43563

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.