Vulnerability Description
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Experience Manager Forms | <= 6.5.23.0 |
Related Weaknesses (CWE)
References
- https://helpx.adobe.com/security/products/aem-forms/apsb25-82.htmlVendor Advisory
- https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-criExploitThird Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2025-54253?
CVE-2025-54253 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to by...
How severe is CVE-2025-54253?
CVE-2025-54253 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-54253?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Experience Manager Forms.