CVE-2025-54251

Summary

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access.

Affected Software

VendorProductVersion RangeStatus
AdobeAdobe Experience Manager0 <= 6.5.23.0affected

Weaknesses

  • CWE-91: XML Injection (aka Blind XPath Injection) (CWE-91)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References