10

CVE-2025-54253

Warnung
Medienbericht
Exploit

Adobe Experience Manager | Incorrect Authorization (CWE-863)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeExperience Manager Forms Version <= 6.5.23.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login

16.10.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Experience Manager Forms Code Execution Vulnerability

Schwachstelle

Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 87.52% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@adobe.com 10 3.9 6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
17.10.2025 13:43
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
Vendor Advisory
https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-critical-pre-auth-vulnerabilities-in-adobe-experience-manager-forms/
Third Party Advisory
Exploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54253
Third Party Advisory
US Government Resource