4.3
CVE-2025-54251
- EPSS 10.59%
- Veröffentlicht 09.09.2025 16:36:28
- Zuletzt bearbeitet 02.10.2025 14:43:16
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Adobe Experience Manager | XML Injection (aka Blind XPath Injection) (CWE-91)
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Experience Manager SwEdition- Version <= 6.5.23.0
Adobe ≫ Experience Manager SwEditionaem_cloud_service Version <= 2025.8.0
Adobe ≫ Experience Manager Version6.5 Update- SwEditionlts
Adobe ≫ Experience Manager Version6.5 Updatesp1 SwEditionlts
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.59% | 0.933 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@adobe.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-91 XML Injection (aka Blind XPath Injection)
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.