CVE-2025-49533

CRITICAL

9.8

Description

Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published7/8/2025

Last Modified7/18/2025

Sourcenvd

Honeypot Sightings0

Affected Products

adobe:experience_manager

Weaknesses (CWE)

CWE-502

References

https://helpx.adobe.com/security/products/aem-forms/apsb25-67.html(psirt@adobe.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.