10
CVE-2025-54253
- EPSS 41.55%
- Veröffentlicht 05.08.2025 16:53:40
- Zuletzt bearbeitet 23.10.2025 14:51:25
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Experience Manager Forms Version <= 6.5.23.0
16.10.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
Adobe Experience Manager Forms Code Execution Vulnerability
SchwachstelleAdobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 41.55% | 0.973 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@adobe.com | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.