AI description
CVE-2025-54251 affects Adobe Experience Manager versions 6.5.23.0 and earlier. It is classified as an XML Injection vulnerability. A low-privileged attacker could exploit this vulnerability to manipulate XML queries. This could lead to a security feature bypass. Successful exploitation of CVE-2025-54251 could allow an attacker to gain limited unauthorized write access. The vulnerability stems from the software's failure to properly neutralize special elements used in XML, which allows modification of the XML syntax, content, or commands before processing.
- Description
- Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access.
- Source
- psirt@adobe.com
- NVD status
- Analyzed
- Products
- experience_manager
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- psirt@adobe.com
- CWE-91
- Hype score
- Not currently trending
Ever stumbled on an AEM box and thought “ok… now what?” 😏 We dropped hopgoblin — new research + tool XXE, SSRF, XSS & more (CVE-2025-54251, -54249, -54252, -54250/47/48/46). 👀 time for some crits eh? 👉 https://t.co/mt7Hy0L8DN https://t.co/ZN6YfeZBOj
@ITSecurityguard
25 Sept 2025
11810 Impressions
31 Retweets
188 Likes
106 Bookmarks
2 Replies
0 Quotes
CVE-2025-54251 Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged… https://t.co/RNCW3fvFfJ
@CVEnew
9 Sept 2025
427 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FFEE087-8858-44D0-8D12-9196F0E33ADA",
"versionEndIncluding": "6.5.23.0"
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A9F7972-FCFA-43C8-A3CD-5895096B4767",
"versionEndIncluding": "2025.8.0"
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F"
},
{
"criteria": "cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00DDCBAD-1FEF-487F-97BB-481DC02F493A"
}
],
"operator": "OR"
}
]
}
]