How severe is CVE-2025-30290?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.7 out of 10.

What type of vulnerability is CVE-2025-30290?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2025-30290 - HIGH Severity | CVSS 8.7

Vulnerability Description

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to bypass security protections and gain unauthorized write and delete access. Exploitation of this issue does not require user interaction and scope is changed.

Related Vulnerabilities

CVE-2020-29494

HIGH

CVSS:8.7(High)

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the a...

CWE-222020

CVE-2021-32008

HIGH

CVSS:8.7(High)

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Fil...

CWE-222021

CVE-2021-41131

HIGH

CVSS:8.7(High)

python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can ove...

CWE-222021

CVE-2023-51364

HIGH

CVSS:8.7(High)

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose...

CWE-222023

CVE-2023-51365

HIGH

CVSS:8.7(High)

CWE-222023

CVE-2023-5504

HIGH

CVSS:8.7(High)

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrar...

CWE-222023