8.7
CVE-2025-46840
- EPSS 0.06%
- Veröffentlicht 10.06.2025 22:18:33
- Zuletzt bearbeitet 13.06.2025 13:04:39
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Experience Manager SwEdition- Version < 6.5.23.0
Adobe ≫ Experience Manager SwEditionaem_cloud_service Version < 2025.5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.199 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@adobe.com | 8.7 | 2.3 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.