cvelistv5 - cve-2025-30282

cve-2025-30282

Vulnerability from cvelistv5

Published
2025-04-08 20:02
Modified
2025-04-22 21:43
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
ColdFusion | Improper Authentication (CWE-287)
References
▼	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html	Vendor Advisory
Impacted products
▼	Vendor	Product
	Adobe	ColdFusion
Show details on NVD website
JSON
To clipboard
{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30282",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T20:30:01.299734Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T20:41:32.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "ColdFusion",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2025.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-08T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "CHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication (CWE-287)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-22T21:43:25.989Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ColdFusion | Improper Authentication (CWE-287)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-30282",
    "datePublished": "2025-04-08T20:02:59.068Z",
    "dateReserved": "2025-03-20T17:36:17.300Z",
    "dateUpdated": "2025-04-22T21:43:25.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-30282\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2025-04-08T20:15:25.820\",\"lastModified\":\"2025-04-23T16:45:08.487\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.\"},{\"lang\":\"es\",\"value\":\"Las versiones 2023.12, 2021.18, 2025.0 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de autenticaci\u00f3n incorrecta que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir los mecanismos de autenticaci\u00f3n y ejecutar c\u00f3digo con los privilegios del usuario autenticado. Para explotar este problema, es necesario obligar a la v\u00edctima a realizar acciones dentro de la aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A94B406-C011-4673-8C2B-0DD94D46CC4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFD05E3A-10F9-4C75-9710-BA46B66FF6E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1FC7D1D-6DD2-48B2-980F-B001B0F24473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FA19E1D-61C2-4640-AF06-4BCFE750BDF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F331DEA-F3D0-4B13-AB1E-6FE39B2BB55D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"63D5CF84-4B0D-48AE-95D6-262AEA2FFDE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*\",\"matchCriteriaId\":\"10616A3A-0C1C-474A-BD7D-A2A5BB870F74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7DA523E-1D9B-45FD-94D9-D4F9F2B9296B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*\",\"matchCriteriaId\":\"151AFF8B-F05C-4D27-85FC-DF88E9C11BEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*\",\"matchCriteriaId\":\"53A0E245-2915-4DFF-AFB5-A12F5C435702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5653D18-7534-48A3-819F-9F049A418F99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D57C8681-AC68-47DF-A61E-B5C4B4A47663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"75608383-B727-48D6-8FFA-D552A338A562\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"7773DB68-414A-4BA9-960F-52471A784379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B38B9E86-BCD5-4BCA-8FB7-EC55905184E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E7BAB80-8455-4570-A2A2-8F40469EE9CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E22D701-B038-4795-AA32-A18BC93C2B6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B02A37FE-5D31-4892-A3E6-156A8FE62D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA3D302-CFEE-4DFD-AB92-F53C87721BFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"645D1B5F-2DAB-4AB8-A465-AC37FF494F95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED6D8996-0770-4C9F-BEA5-87EA479D40A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*\",\"matchCriteriaId\":\"4836086E-3D4A-4A07-A372-382D385CB490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB88D4FE-5496-4639-BAF2-9F29F24ABF29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"43E0ED98-2C1F-40B8-AF60-FEB1D85619C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"76204873-C6E0-4202-8A03-0773270F1802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3A83642-BF14-4C37-BD94-FA76AABE8ADC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"A892E1DC-F2C8-4F53-8580-A2D1BEED5A25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB97ADBA-C1A9-4EE0-9509-68CB12358AE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"30779417-D4E5-4A01-BE0E-1CE1D134292A\"}]}]}],\"references\":[{\"url\":\"https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}
Action not permitted

cve-2025-30282

Vulnerability from cvelistv5

ghsa-cp9f-7jr4-m2mj

Vulnerability from github

Tags
