← Back to CVEs
CVE-2025-54253
CRITICALCISA KEV10.0
Description
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
CVE Details
CVSS v3.1 Score10.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published8/5/2025
Last Modified10/23/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorAdobe
ProductExperience Manager (AEM) Forms
Vulnerability NameAdobe Experience Manager Forms Code Execution Vulnerability
KEV Date Added2025-10-15
Remediation Due Date2025-11-05
Ransomware UseUnknown
Affected Products
adobe:experience_manager_forms
Weaknesses (CWE)
CWE-863
References
https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html(psirt@adobe.com)
https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-critical-pre-auth-vulnerabilities-in-adobe-experience-manager-forms/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54253(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.