CVE-2025-49533

Published Jul 8, 2025

Last updated 2 months ago

CVSS critical 9.8
Adobe Experience Manager

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-49533 is a vulnerability affecting Adobe Experience Manager (MS) versions 6.5.23.0 and earlier. It is categorized as a Deserialization of Untrusted Data vulnerability (CWE-502). The vulnerability can lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.

Description
Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged.
Source
psirt@adobe.com
NVD status
Analyzed
Products
experience_manager

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

psirt@adobe.com
CWE-502

Social media

Hype score
Not currently trending

  1. Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/TEPc1QhYt2 https://t.co/GUpwVtmRqE

    @ErcanSah1n

    29 Aug 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/6KYxIAYqZQ https://t.co/auKpo5Hu4X

    @CloudVirtues

    24 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Remote Code Execution in Adobe AEM Forms via CVE-2025-54253 (Struts2 DevMode misconfig: auth bypass + OGNL eval) and CVE-2025-49533 (Insecure Deserialization). Both rated critical, identified in a VDP (now patched). Original research: https://t.co/uJoFgzyDk0 https://t.co/H3SC

    @win3zz

    24 Aug 2025

    8616 Impressions

    34 Retweets

    179 Likes

    72 Bookmarks

    1 Reply

    0 Quotes

  4. Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/eoIIacnZa8 https://t.co/0BXgkjOSBX

    @mayurk21

    20 Aug 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/UyMe8z7ka5 https://t.co/8akvjZmIke

    @SirajD_Official

    20 Aug 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.