AI description
CVE-2025-54253 is a misconfiguration vulnerability affecting Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23 and earlier. It stems from an authentication bypass in the /adminui module combined with a misconfigured developer setting. The vulnerability exists because Struts2's development mode was mistakenly left enabled. This misconfiguration allows attackers to execute arbitrary code. Specifically, it enables the execution of OGNL expressions through debug parameters sent in HTTP requests. Exploitation of this vulnerability does not require user interaction.
- Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
- Source: psirt@adobe.com
- NVD status: Analyzed
- Products: experience_manager_forms
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@adobe.com: CWE-16
- nvd@nist.gov: NVD-CWE-noinfo
- Hype score: Not currently trending
Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/eoIIacnZa8 https://t.co/0BXgkjOSBX
@mayurk21
20 Aug 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/UyMe8z7ka5 https://t.co/8akvjZmIke
@SirajD_Official
20 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe AEM Forms zero-days CVE-2025-54253/542540 fixed: risk of code execution and unauthorized access https://t.co/51vIq06Lwr Two serious zero-day vulnerabilities have been discovered in Adobe Experience Manager Forms JEE. The first, CVE-2025-54253
@iototsecnews
19 Aug 2025
175 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilities in Adobe Experience Manager Forms ❗CVE-2025-54253 ❗CVE-2025-54254 ➡️More info: https://t.co/GolVZ44BLH https://t.co/NtEjWuSABX
@CERTpy
8 Aug 2025
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨We are warning of a critical RCE vulnerability in Adobe Experience Manager, CVE-2025-54253. The vulnerability allows an unauthenticated remote attacker to bypass security measures and execute arbitrary code on the affected device. Exploitation of the vulnerability
@GOVCERT_CZ
7 Aug 2025
759 Impressions
4 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨: CVE-2025-54253 (CVSS 10.0): Misconfiguration Allowing Arbitrary Code Execution. CVE-2025-54254: Improper Restriction of XML External Entity Reference (XXE) Allowing Arbitrary File System Read. 🧐Deep Dive: https://t.co/HiCFa3GB7D 📊11.6K Services are found on th
@HunterMapping
7 Aug 2025
2795 Impressions
13 Retweets
34 Likes
12 Bookmarks
1 Reply
0 Quotes
Critical vulnerabilities in Adobe Experience Manager Forms (CVE-2025-54253, CVE-2025-54254) #セキュリティ対策Lab #セキュリティ #Security https://t.co/TsCQ4Q99HQ
@securityLab_jp
7 Aug 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Adobe AEM RCE (CVE-2025-54253)! Zero interaction, full system code exec. Affects ≤6.5.23. Patch ASAP & monitor closely! 🔗https://t.co/es4cErUOkk https://t.co/kKcwF06HBw
@rapidriskradar
6 Aug 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe issues emergency fixes for AEM Forms zero-days after PoCs released Adobe released emergency updates for two critical zero-day vulnerabilities in Adobe Experience Manager (AEM) Forms on JEE—CVE-2025-54253 and CVE-2025-54254—after researchers disclosed a working exploit
@dCypherIO
6 Aug 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨Adobe AEM Forms Vulns Alert CVE-2025-54253 (CVSS: 10): Critical RCE via misconfig, no auth or interaction needed. CVE-2025-54254 (CVSS: 8.6): XXE flaw allows arbitrary file reads, exposing sensitive data. No auth required. Search by vul.cve Filter👉vul.cve="CVE-2025-54
@zoomeye_team
6 Aug 2025
2495 Impressions
10 Retweets
29 Likes
15 Bookmarks
1 Reply
0 Quotes
🚨🚨Adobe AEM Forms Vulns Alert CVE-2025-54253 (CVSS: 10): Critical RCE via misconfig, no auth or interaction needed. CVE-2025-54254 (CVSS: 8.6): XXE flaw allows arbitrary file reads, exposing sensitive data. No auth required. Search by vul.cve Filter👉vul.cve="CVE-2025-54
@zoomeye_team
6 Aug 2025
52 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Adobe issues urgent out-of-band patches for AEM Forms vulnerabilities CVE-2025-54253 and CVE-2025-54254, with public exploit code available. These flaws enable remote code execution and data access. #AEM #Exploit #Japan https://t.co/ZDeP8s0Zyx
@TweetThreatNews
6 Aug 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-54253 (CVSS 10.0) Adobe AEM Forms Patch: Critical Flaws allow RCE & Arbitrary File Read, Public PoCs Available 🎯5.2k+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link: https://t.co/gLkkVfaEfB FOFA Query: app="Adobe-Experience-
@fofabot
6 Aug 2025
1971 Impressions
7 Retweets
27 Likes
10 Bookmarks
0 Replies
0 Quotes
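CVE-2025-54253/54254: RCE and more. PoC already public. Respond urgently: [Security News] Vulnerabilities in Adobe's form management product, with proof-of-concept code too - emergency patch released (page 1 of 1): Security NEXT https://t.co/RY1nWoKYhR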
@tamosan
6 Aug 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
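Two critical zero-day vulnerabilities in Adobe Experience Manager (AEM) Forms on JEE have been urgently fixed: CVE-2025-54253 with a CVSS score of 8.6 and CVE-2025-54254 with a CVSS score of 10. PoC (proof-of-concept attack code) has been published. https://t.co/jtdwf56VR1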
@__kokumoto
5 Aug 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe issued emergency updates for two zero-day vulnerabilities in AEM Forms, CVE-2025-54253 and CVE-2025-54254, enabling remote code execution and unauthorized file access; immediate action is recommended. #Security https://t.co/DigkE08ZWf
@Strivehawk
5 Aug 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe releases emergency patches for critical AEM Forms zero-days (CVE-2025-54253/54254) that enable unauthenticated remote code execution. Researchers disclosed the flaws after exploit demos, highlighting immediate patching needs. #Adobe #ZeroDay https://t.co/fydiU7txkR
@TweetThreatNews
5 Aug 2025
132 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54253 Adobe Experience Manager Misconfiguration Vulnerability Enables Arbitrary Code Execution https://t.co/vaRNrDAKCR
@VulmonFeeds
5 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-54253: CRITICAL] Critical Adobe Experience Manager versions 6.5.23 & older have a Misconfiguration flaw allowing code execution without user interaction, posing significant cybersecurity threat. #cve, CVE-2025-54253, #cybersecurity https://t.co/3QV8C4MF7t https://t.co/
@CveFindCom
5 Aug 2025
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54253 Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could… https://t.co/sWoPJZ1Xf8
@CVEnew
5 Aug 2025
288 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:experience_manager_forms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1449BBE4-7484-4972-8D04-BEC04C159F44",
            "versionEndIncluding": "6.5.23.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]