CVE-2025-54253

Published Aug 5, 2025

Last updated 2 months ago

Exploit knownCVSS critical 10.0
Adobe Experience Manager

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-54253 is a misconfiguration vulnerability affecting Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23 and earlier. It stems from an authentication bypass in the /adminui module combined with a misconfigured developer setting. The vulnerability exists because Struts2's development mode was mistakenly left enabled. This misconfiguration allows attackers to execute arbitrary code. Specifically, it enables the execution of OGNL expressions through debug parameters sent in HTTP requests. Exploitation of this vulnerability does not require user interaction.

Description
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Source
psirt@adobe.com
NVD status
Analyzed
Products
experience_manager_forms

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Adobe Experience Manager Forms Code Execution Vulnerability
Exploit added on
Oct 15, 2025
Exploit action due
Nov 5, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@adobe.com
CWE-863

Social media

Hype score
Not currently trending

  1. 【アーカイブ】 【アーカイブ】 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/Iv4DFZ6vVV #ブログ仲間と繋がりたい #Webライター

    @CyberNote_media

    10 Dec 2025

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 【アーカイブ】 【アーカイブ】 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/Iv4DFZ5Y6n #ブログ仲間と繋がりたい #Webライター

    @CyberNote_media

    6 Dec 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 【アーカイブ】 【アーカイブ】 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/dqgMjex5zu #ブログ仲間と繋がりたい #Webライター

    @Teeeda_worker

    4 Dec 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 【アーカイブ】 Adobeの重要な脆弱性!対策方法を今すぐ確認しよう。 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/Iv4DFZ6vVV #cybernote #ブログ仲間と繋がりたい

    @CyberNote_media

    22 Nov 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 【アーカイブ】 Adobe AEM Formsの脆弱性に要注意!詳細と対策を確認しよう。 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/Iv4DFZ5Y6n #cybernote #ブログ仲間と繋が

    @CyberNote_media

    21 Nov 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 【アーカイブ】 重要な脆弱性情報!対策法を確認しましょう。 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/Iv4DFZ5Y6n #cybernote #ブログ仲間と繋がりたい #Webラ

    @CyberNote_media

    18 Nov 2025

    140 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 【アーカイブ】 Adobe AEM Formsに脆弱性発見!早急な対策を! 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/dqgMjex5zu #cybernote #ブログ仲間と繋がりたい #Webライタ

    @Teeeda_worker

    16 Nov 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 【アーカイブ】 重要なAdobeの脆弱性情報!詳細と対策をチェックしよう。 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/Iv4DFZ6vVV #cybernote #ブログ仲間と繋がり

    @CyberNote_media

    13 Nov 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 【アーカイブ】 AEM利用者必見!脆弱性の詳細と即時対策を紹介します。 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/dqgMjex5zu #cybernote #ブログ仲間と繋がり

    @Teeeda_worker

    13 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 【アーカイブ】 Adobe AEM Formsの脆弱性情報と対策を今すぐ確認! 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/Iv4DFZ5Y6n #cybernote #ブログ仲間と繋がりたい #Webラ

    @CyberNote_media

    4 Nov 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 【アーカイブ】 重要情報!Adobe AEMの重大脆弱性とその対策を解説。 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/dqgMjex5zu #cybernote #ブログ仲間と繋がりたい #

    @Teeeda_worker

    3 Nov 2025

    33 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 【アーカイブ】 Adobe AEM深刻脆弱性!早急な対応が必要です! 【緊急】Adobe AEM Forms on JEEに深刻な脆弱性(CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/Iv4DFZ5Y6n #cybernote #ブログ仲間と繋がりたい #Webライ

    @CyberNote_media

    3 Nov 2025

    51 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 【緊急】#Adobe AEM Forms on JEEに深刻な #脆弱性 (CVE-2025-54253)発覚!被害状況と対策を解説 https://t.co/57gZ1JjsOb

    @Teeeda_worker

    1 Nov 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 CVE-2025-54253 - critical 🚨 Adobe Experience Manager Forms - Insecure Deserialization > Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfigurati... 👾 https://t.co/WJgQ4fzHhw @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    28 Oct 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CISA KEV 警告 25/10/15:Adobe Experience Manager の脆弱性 CVE-2025-54253 を登録 https://t.co/nmiRXYt5gW CISA が Adobe の脆弱性 CVE-2025-54253 を KEV に登録しました。Adobe Experience Manager Forms の JEE

    @iototsecnews

    27 Oct 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. ⚠️Actualizaciones de seguridad de Adobe ❗CVE-2025-54253 ❗CVE-2025-54254 ➡️Más info: https://t.co/2IvLuYaUKF https://t.co/lgc7miRizB

    @CERTpy

    21 Oct 2025

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🛡️ Cyber Threat Digest – 2025-10-20 KEV: CVE-2025-54253 — Adobe Experience Manager Forms NVD: CVE-2025-11941 — vulnerability was detected in News: AWS outage crashes Amazon, Prime Video,… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv

    @dpharristech

    20 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2025-54253'ün aktif olarak istismar edildiği ve uzaktan kod çalıştırmaya yol açabileceği bildiriliyor. Güvenliğimiz için önlemlerimizi almalıyız! Sizin bu konu hakkında düşünceleriniz neler? #CVE_2025_54253 https://t.co/sXuRWDmCgP

    @Siber_Kalkan_

    20 Oct 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-54253 активно эксплуатируется, что может привести к удаленному исполнению кода. Важно обновлять системы и оставаться настороже! Как вы защищаете свои

    @cybereye_ru

    20 Oct 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🔍 𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐕𝐄 𝐛𝐫𝐞𝐚𝐤𝐝𝐨𝐰𝐧 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞 𝐧𝐨𝐰! New Adobe AEM vulnerability CVE-2025-54253 hits CVSS 10.0. Learn top mitigation moves before attackers strike your systems. 👉 Dive into the full

    @PurpleOps_io

    20 Oct 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Adobe(アドビ) Experience Manager Forms(JEE)の脆弱性 CVE-2025-54253がCISAのKEVに登録-至急アップデートを https://t.co/jzgXiwOyEQ #セキュリティ対策Lab #セキュリティ #Security

    @securityLab_jp

    20 Oct 2025

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🛡️ Cyber Threat Digest – 2025-10-19 KEV: CVE-2025-54253 — Adobe Experience Manager Forms NVD: CVE-2025-47410 — Apache Geode is vulnerable News: OpenAI confirms GPT-6 is not shipping… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv

    @dpharristech

    19 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 CRITICAL FLAW: CISA warns of an actively exploited Adobe AEM Forms vulnerability (CVE-2025-54253) with a perfect 10.0 CVSS score! Allows unauthenticated RCE. Patch immediately! 🔥 #Adobe #RCE #ZeroDay #CVE 🔗 https://t.co/urJmCE915H

    @NetSecIO

    19 Oct 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🛡️ Cyber Threat Digest – 2025-10-18 KEV: CVE-2025-54253 — Adobe Experience Manager Forms NVD: CVE-2025-11902 — vulnerability was detected in News: ConnectWise fixes Automate bug allowing AiTM… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv

    @dpharristech

    18 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CISA added Adobe Experience Manager RCE flaw (CVE-2025-54253, CVSS 10.0) to its KEV catalog. Affects AEM Forms on JEE ≤ 6.5.23.0. PoC is public, patch ASAP to 6.5.0-0108 or later. Mitigation deadline: Nov 5, 2025.

    @cyber_sec_raj

    18 Oct 2025

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Adobe AEM Hit by Critical Flaw (CVE-2025-54253) — Why CISA Issued an Emergency Alert for Active Exploitation Read the full report on - https://t.co/B6heuToCUQ https://t.co/ZwCvk1OM3u

    @Iambivash007

    17 Oct 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 🛡️ Cyber Threat Digest – 2025-10-17 KEV: CVE-2025-54253 — Adobe Experience Manager Forms NVD: CVE-2025-11839 — security flaw has been News: Microsoft fixes Windows bug breaking localhost… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv

    @dpharristech

    17 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Actively exploited CVE : CVE-2025-54253

    @transilienceai

    17 Oct 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. “Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) https://t.co/qZyHzGCwLZ #patchmanagement

    @eyalestrin

    16 Oct 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. “Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) https://t.co/GxlpGMOHx2 #HelpNetSecurity #Cybersecurity https://t.co/PMZDyqg7ma

    @PoseidonTPA

    16 Oct 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. CISA has added a critical vulnerability, CVE-2025-54253 (CVSS 10.0), affecting Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier, to its KEV catalog due to active exploitation. https://t.co/hZyc8CKJkp

    @securityRSS

    16 Oct 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. “Perfect” #Adobe #Experience Manager vulnerability is being exploited (#CVE-2025-54253) https://t.co/neTi2yxarS

    @ScyScan

    16 Oct 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🚨 Maximum Severity Adobe AEM vulnerability being exploited CISA warns that attackers are actively exploiting CVE-2025-54253, a CVSS 10.0 vulnerability Patches are available. We have added an Adobe AEM honeypot for Defused Free users for a limited time - take advantage!

    @DefusedCyber

    16 Oct 2025

    1628 Impressions

    4 Retweets

    13 Likes

    7 Bookmarks

    0 Replies

    1 Quote

  34. 🛡️ Cyber Threat Digest – 2025-10-16 KEV: CVE-2025-54253 — Adobe Experience Manager Forms NVD: CVE-2025-41430 — BIG-IP SSL Orchestrator is News: Microsoft adds Copilot voice activation on… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv

    @dpharristech

    16 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation https://t.co/nerL4zF79f

    @Karma_X_Inc

    16 Oct 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. CISA adds Adobe AEM CVE-2025-54253 (10.0 CVSS) to KEV—debug page enables unauth RCE. Exploits active; patch to 6.5.0-0108 ASAP. Audit your systems. #CyberSec #Vuln https://t.co/h2I7tMJHiO

    @exc_actual

    16 Oct 2025

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. CISA adds critical Adobe Experience Manager flaw CVE-2025-54253 to KEV list with a perfect 10.0 score. Active exploitation observed; vulnerability allows arbitrary code execution via misconfigured servlet. #AdobeAEM #CodeExecution #USA https://t.co/Z62AdVaOyB

    @TweetThreatNews

    16 Oct 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. CISA Warns of Active Attacks on Critical Adobe AEM Flaw CISA added CVE-2025-54253, a critical flaw in Adobe Experience Manager Forms (versions ≤6.5.23.0), to KEV. The bug, with CVSS 10.0, allows remote code execution via an exposed /adminui/debug servlet that evaluates https:/

    @Secwiserapp

    16 Oct 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. CISA warns of a critical Adobe AEM flaw (CVE-2025-54253) with a perfect 10.0 CVSS score, actively exploited for arbitrary code execution. Act fast! 🚨 https://t.co/rjTDYfsJF6 #CISA #AdobeAEM #Cybersecurity #Vulnerability #Exploit

    @0xT3chn0m4nc3r

    16 Oct 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🇺🇸 🚨 BREAKING: CISA alerts on critical Adobe Experience Manager flaw CVE-2025-54253. Active exploitation risk for arbitrary code execution. Urgent patch needed. https://t.co/Mlu5xaFeNr #Cybersecurity #Adobe #OSINT

    @STRATINT_AI

    16 Oct 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. 📌 حذرت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) من ثغرة خطيرة في Adobe Experience Manager، مصنفة برصيد 10.0، مما يشير إلى استغلال نشط لها. الثغرة CVE-2025-54253 ق

    @Cybercachear

    16 Oct 2025

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 🛡️ We added Adobe Experience Manager vulnerability CVE-2025-54253 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/AXhA7t0WXv

    @CISACyber

    15 Oct 2025

    5585 Impressions

    12 Retweets

    28 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  43. CVE-2025-54253 : Pre-Auth RCE in Adobe AEM Forms on JEE Critical OGNL Injection https://t.co/F0QumJRNpE

    @M0roccanX

    23 Sept 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Hackers exploit CVE-2025-54253 in Adobe AEM Forms via Pre-Auth OGNL Injection, enabling full RCE! Patch now & secure debug endpoints. Read more: https://t.co/3FFj3cIMPS #CyberSecurity #CVE2025 #RCE #AdobeAEM #OGNLInjection #RedTeam #FireCompass https://t.co/d19RcZxRhM

    @FireCompass

    22 Sept 2025

    61 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. #VulnerabilityReport #AdobeExperienceManager Adobe AEM Forms Patch: Critical Flaws (CVE-2025-54253, CVSS 10.0) Allow RCE & Arbitrary File Read, Public PoCs Available https://t.co/AX06BO5sZR

    @Komodosec

    11 Sept 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/TEPc1QhYt2 https://t.co/GUpwVtmRqE

    @ErcanSah1n

    29 Aug 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Top 5 Trending CVEs: 1 - CVE-2025-38236 2 - CVE-2025-52970 3 - CVE-2025-3305 4 - CVE-2023-44487 5 - CVE-2025-54253 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    25 Aug 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/6KYxIAYqZQ https://t.co/auKpo5Hu4X

    @CloudVirtues

    24 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Remote Code Execution in Adobe AEM Forms via CVE-2025-54253 (Struts2 DevMode misconfig: auth bypass + OGNL eval) and CVE-2025-49533 (Insecure Deserialization). Both rated critical, identified in a VDP (now patched). Original research: https://t.co/uJoFgzyDk0 https://t.co/H3SC

    @win3zz

    24 Aug 2025

    8616 Impressions

    34 Retweets

    179 Likes

    72 Bookmarks

    1 Reply

    0 Quotes

  50. Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/eoIIacnZa8 https://t.co/0BXgkjOSBX

    @mayurk21

    20 Aug 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.