Time for some vulnerability archaeology! I'm sure you're as excited as I am. In a previous post I covered a technique to generate precompiled Java bytecode to bypass Sandbox Security restrictions in Adobe ColdFusion (CVE-2025-30288). And Sandbox Security was first released with ColdFusion 4 in November 1998, so it's been around for quite some time. Perhaps reading that post made you wonder about historical sandbox escapes in ColdFusion. If it did, then consider this post an early Christmas present. 🎁
