CVE-2025-54253
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe | Adobe Experience Manager | 0 <= 6.5.23 | affected |
Weaknesses
- CWE-863: Incorrect Authorization (CWE-863)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
- https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-critical-pre-auth-vulnerabilities-in-adobe-experience-manager-forms/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54253
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.