VYPR
Unrated severityNVD Advisory· Published Apr 8, 2025· Updated Apr 18, 2025

ColdFusion | Information Exposure (CWE-200)

CVE-2025-30291

Description

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. A low privileged attacker with local access could leverage this vulnerability to gain access to sensitive information which could be used to further compromise the system or bypass security mechanisms. Exploitation of this issue does not require user interaction.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.