{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-30290", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2025-03-20T17:36:17.301Z", "datePublished": "2025-04-08T20:02:59.926Z", "dateUpdated": "2025-05-09T16:26:11.696Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "ColdFusion", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "2025.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2025-04-08T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to bypass security protections and gain unauthorized write and delete access. Exploitation of this issue does not require user interaction and scope is changed."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 8.7, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "HIGH", "modifiedScope": "CHANGED", "modifiedUserInteraction": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 8.7, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2025-05-09T16:26:11.696Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html"}], "source": {"discovery": "EXTERNAL"}, "title": "ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30290", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T20:30:24.517777Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T20:41:32.226Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30290", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T20:30:24.517777Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T20:32:36.492Z"}}], "cna": {"title": "ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "modifiedScope": "CHANGED", "temporalScore": 8.7, "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "HIGH", "availabilityImpact": "HIGH", "environmentalScore": 8.7, "privilegesRequired": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NETWORK", "confidentialityImpact": "NONE", "environmentalSeverity": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "HIGH", "modifiedUserInteraction": "NONE", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "HIGH", "modifiedPrivilegesRequired": "HIGH", "modifiedConfidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "ColdFusion", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2025.0"}], "defaultStatus": "affected"}], "datePublic": "2025-04-08T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to bypass security protections and gain unauthorized write and delete access. Exploitation of this issue does not require user interaction and scope is changed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2025-05-09T16:26:11.696Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30290", "state": "PUBLISHED", "dateUpdated": "2025-05-09T16:26:11.696Z", "dateReserved": "2025-03-20T17:36:17.301Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2025-04-08T20:02:59.926Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*", "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*", "matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*", "matchCriteriaId": "F1FC7D1D-6DD2-48B2-980F-B001B0F24473", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*", "matchCriteriaId": "1FA19E1D-61C2-4640-AF06-4BCFE750BDF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*", "matchCriteriaId": "3F331DEA-F3D0-4B13-AB1E-6FE39B2BB55D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*", "matchCriteriaId": "63D5CF84-4B0D-48AE-95D6-262AEA2FFDE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*", "matchCriteriaId": "10616A3A-0C1C-474A-BD7D-A2A5BB870F74", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*", "matchCriteriaId": "D7DA523E-1D9B-45FD-94D9-D4F9F2B9296B", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*", "matchCriteriaId": "151AFF8B-F05C-4D27-85FC-DF88E9C11BEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*", "matchCriteriaId": "53A0E245-2915-4DFF-AFB5-A12F5C435702", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*", "matchCriteriaId": "C5653D18-7534-48A3-819F-9F049A418F99", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*", "matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*", "matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*", "matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*", "matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*", "matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*", "matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*", "matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*", "matchCriteriaId": "CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*", "matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*", "matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*", "matchCriteriaId": "645D1B5F-2DAB-4AB8-A465-AC37FF494F95", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*", "matchCriteriaId": "ED6D8996-0770-4C9F-BEA5-87EA479D40A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*", "matchCriteriaId": "4836086E-3D4A-4A07-A372-382D385CB490", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*", "matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*", "matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*", "matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*", "matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*", "matchCriteriaId": "E3A83642-BF14-4C37-BD94-FA76AABE8ADC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*", "matchCriteriaId": "A892E1DC-F2C8-4F53-8580-A2D1BEED5A25", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*", "matchCriteriaId": "DB97ADBA-C1A9-4EE0-9509-68CB12358AE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*", "matchCriteriaId": "E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*", "matchCriteriaId": "30779417-D4E5-4A01-BE0E-1CE1D134292A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to bypass security protections and gain unauthorized write and delete access. Exploitation of this issue does not require user interaction and scope is changed."}, {"lang": "es", "value": "Las versiones 2023.12, 2021.18, 2025.0 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de limitaci\u00f3n incorrecta de una ruta de acceso a un directorio restringido (\u00abPath Traversal\u00bb), que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda explotar esta vulnerabilidad para acceder a archivos y directorios almacenados fuera del directorio restringido previsto. Para explotar este problema, se requiere la interacci\u00f3n del usuario."}], "id": "CVE-2025-30290", "lastModified": "2025-05-12T16:40:28.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "psirt@adobe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-08T20:15:26.883", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "psirt@adobe.com", "type": "Secondary"}]}

{}