AI description
CVE-2025-30281 is an Improper Access Control vulnerability affecting Adobe ColdFusion versions 2023.12, 2021.18, 2025.0, and earlier. It allows an attacker to read arbitrary files from the file system, potentially accessing or modifying sensitive data without proper authorization. Exploitation of this vulnerability does not require any user interaction. The vulnerability stems from the product not restricting, or incorrectly restricting, access to a resource from an unauthorized actor. An attacker with high privileges can exploit this vulnerability to compromise the confidentiality and integrity of the system. The recommended remediation is to upgrade Adobe ColdFusion to a release later than the affected versions and to implement strict access controls.
- Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.
- Source: psirt@adobe.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 9.1
- Impact score: 6
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@adobe.com
- CWE-284
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
🚨 Critical alert: 30 new security flaws found in Adobe ColdFusion 11 rated Critical. ⚡ Top threats: arbitrary code execution, file system read, security bypass. CVE-2025-24446 | CVSS 9.1 CVE-2025-24447 | CVSS 9.1 CVE-2025-30281 | CVSS 9.1 (and more) No active exploits yet ht
@achi_tech
12 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-30281 ⚠️🔴 CRITICAL (9.1) 🏢 Adobe - ColdFusion 🏗️ 0 🔗 https://t.co/d22GWuVfCD #CyberCron #VulnAlert #InfoSec https://t.co/X3qHZmp4As
@cybercronai
9 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30281 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An … https://t.co/myLOcnY8GY
@CVEnew
9 Apr 2025
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical alert: 30 new security flaws found in Adobe ColdFusion—11 rated Critical. ⚡ Top threats: arbitrary code execution, file system read, security bypass. CVE-2025-24446 | CVSS 9.1 CVE-2025-24447 | CVSS 9.1 CVE-2025-30281 | CVSS 9.1 (and more) No active exploits https:
@TheHackersNews
9 Apr 2025
11397 Impressions
32 Retweets
72 Likes
9 Bookmarks
3 Replies
0 Quotes
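Adobe patches: In particular, for four issues, the improper input validation "CVE-2025-24446", the deserialization of untrusted data "CVE-2025-24447", the improper access control "CVE-2025-30281", and the improper authentication "CVE-2025-30282", the base score under the Common Vulnerability Scoring System "CVSSv3.1" was set at "9.1". https://t.co/YJlvItNHNt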
@Deer0nSecurity
8 Apr 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30281 ColdFusion Improper Access Control Vulnerability Enables Unauthorized File System Read https://t.co/Fwo5E3rFA4
@VulmonFeeds
8 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes