CVE-2025-54253
Published Aug 5, 2025
Last updated 6 days ago
AI description
CVE-2025-54253 is a misconfiguration vulnerability affecting Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23 and earlier. It stems from an authentication bypass in the /adminui module combined with a misconfigured developer setting. The vulnerability exists because Struts2's development mode was mistakenly left enabled. This misconfiguration allows attackers to execute arbitrary code. Specifically, it enables the execution of OGNL expressions through debug parameters sent in HTTP requests. Exploitation of this vulnerability does not require user interaction.
- Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
- Source: psirt@adobe.com
- NVD status: Analyzed
- Products: experience_manager_forms
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Adobe Experience Manager Forms Code Execution Vulnerability
- Exploit added on: Oct 15, 2025
- Exploit action due: Nov 5, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- psirt@adobe.com
- CWE-863
- Hype score: Not currently trending
🚨 CVE-2025-54253 - critical 🚨 Adobe Experience Manager Forms - Insecure Deserialization > Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfigurati... 👾 https://t.co/WJgQ4fzHhw @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
28 Oct 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV alert 25/10/15: Adobe Experience Manager vulnerability CVE-2025-54253 added https://t.co/nmiRXYt5gW CISA has added the Adobe vulnerability CVE-2025-54253 to KEV. Adobe Experience Manager Forms' JEE
@iototsecnews
27 Oct 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Adobe security updates ❗CVE-2025-54253 ❗CVE-2025-54254 ➡️More info: https://t.co/2IvLuYaUKF https://t.co/lgc7miRizB
@CERTpy
21 Oct 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Cyber Threat Digest – 2025-10-20 KEV: CVE-2025-54253 — Adobe Experience Manager Forms NVD: CVE-2025-11941 — vulnerability was detected in News: AWS outage crashes Amazon, Prime Video,… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv
@dpharristech
20 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54253 is reported to be actively exploited and may lead to remote code execution. We must take precautions for our security! What are your thoughts on this? #CVE_2025_54253 https://t.co/sXuRWDmCgP
@Siber_Kalkan_
20 Oct 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54253 is being actively exploited, which can lead to remote code execution. It is important to update systems and stay alert! How do you protect your
@cybereye_ru
20 Oct 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔍 Latest CVE breakdown available now! New Adobe AEM vulnerability CVE-2025-54253 hits CVSS 10.0. Learn top mitigation moves before attackers strike your systems. 👉 Dive into the full
@PurpleOps_io
20 Oct 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe Experience Manager Forms (JEE) vulnerability CVE-2025-54253 added to CISA's KEV - update urgently https://t.co/jzgXiwOyEQ #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
20 Oct 2025
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Cyber Threat Digest – 2025-10-19 KEV: CVE-2025-54253 — Adobe Experience Manager Forms NVD: CVE-2025-47410 — Apache Geode is vulnerable News: OpenAI confirms GPT-6 is not shipping… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv
@dpharristech
19 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL FLAW: CISA warns of an actively exploited Adobe AEM Forms vulnerability (CVE-2025-54253) with a perfect 10.0 CVSS score! Allows unauthenticated RCE. Patch immediately! 🔥 #Adobe #RCE #ZeroDay #CVE 🔗 https://t.co/urJmCE915H
@NetSecIO
19 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Cyber Threat Digest – 2025-10-18 KEV: CVE-2025-54253 — Adobe Experience Manager Forms NVD: CVE-2025-11902 — vulnerability was detected in News: ConnectWise fixes Automate bug allowing AiTM… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv
@dpharristech
18 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added Adobe Experience Manager RCE flaw (CVE-2025-54253, CVSS 10.0) to its KEV catalog. Affects AEM Forms on JEE ≤ 6.5.23.0. PoC is public, patch ASAP to 6.5.0-0108 or later. Mitigation deadline: Nov 5, 2025.
@cyber_sec_raj
18 Oct 2025
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe AEM Hit by Critical Flaw (CVE-2025-54253) — Why CISA Issued an Emergency Alert for Active Exploitation Read the full report on - https://t.co/B6heuToCUQ https://t.co/ZwCvk1OM3u
@Iambivash007
17 Oct 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Cyber Threat Digest – 2025-10-17 KEV: CVE-2025-54253 — Adobe Experience Manager Forms NVD: CVE-2025-11839 — security flaw has been News: Microsoft fixes Windows bug breaking localhost… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv
@dpharristech
17 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-54253
@transilienceai
17 Oct 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) https://t.co/qZyHzGCwLZ #patchmanagement
@eyalestrin
16 Oct 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) https://t.co/GxlpGMOHx2 #HelpNetSecurity #Cybersecurity https://t.co/PMZDyqg7ma
@PoseidonTPA
16 Oct 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has added a critical vulnerability, CVE-2025-54253 (CVSS 10.0), affecting Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier, to its KEV catalog due to active exploitation. https://t.co/hZyc8CKJkp
@securityRSS
16 Oct 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
“Perfect” #Adobe #Experience Manager vulnerability is being exploited (#CVE-2025-54253) https://t.co/neTi2yxarS
@ScyScan
16 Oct 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Maximum Severity Adobe AEM vulnerability being exploited CISA warns that attackers are actively exploiting CVE-2025-54253, a CVSS 10.0 vulnerability Patches are available. We have added an Adobe AEM honeypot for Defused Free users for a limited time - take advantage!
@DefusedCyber
16 Oct 2025
1628 Impressions
4 Retweets
13 Likes
7 Bookmarks
0 Replies
1 Quote
🛡️ Cyber Threat Digest – 2025-10-16 KEV: CVE-2025-54253 — Adobe Experience Manager Forms NVD: CVE-2025-41430 — BIG-IP SSL Orchestrator is News: Microsoft adds Copilot voice activation on… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv
@dpharristech
16 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation https://t.co/nerL4zF79f
@Karma_X_Inc
16 Oct 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds Adobe AEM CVE-2025-54253 (10.0 CVSS) to KEV—debug page enables unauth RCE. Exploits active; patch to 6.5.0-0108 ASAP. Audit your systems. #CyberSec #Vuln https://t.co/h2I7tMJHiO
@exc_actual
16 Oct 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds critical Adobe Experience Manager flaw CVE-2025-54253 to KEV list with a perfect 10.0 score. Active exploitation observed; vulnerability allows arbitrary code execution via misconfigured servlet. #AdobeAEM #CodeExecution #USA https://t.co/Z62AdVaOyB
@TweetThreatNews
16 Oct 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Active Attacks on Critical Adobe AEM Flaw CISA added CVE-2025-54253, a critical flaw in Adobe Experience Manager Forms (versions ≤6.5.23.0), to KEV. The bug, with CVSS 10.0, allows remote code execution via an exposed /adminui/debug servlet that evaluates https:/
@Secwiserapp
16 Oct 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns of a critical Adobe AEM flaw (CVE-2025-54253) with a perfect 10.0 CVSS score, actively exploited for arbitrary code execution. Act fast! 🚨 https://t.co/rjTDYfsJF6 #CISA #AdobeAEM #Cybersecurity #Vulnerability #Exploit
@0xT3chn0m4nc3r
16 Oct 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🇺🇸 🚨 BREAKING: CISA alerts on critical Adobe Experience Manager flaw CVE-2025-54253. Active exploitation risk for arbitrary code execution. Urgent patch needed. https://t.co/Mlu5xaFeNr #Cybersecurity #Adobe #OSINT
@STRATINT_AI
16 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of a critical vulnerability in Adobe Experience Manager, rated 10.0, indicating that it is being actively exploited. The vulnerability CVE-2025-54253
@Cybercachear
16 Oct 2025
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Adobe Experience Manager vulnerability CVE-2025-54253 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/AXhA7t0WXv
@CISACyber
15 Oct 2025
5585 Impressions
12 Retweets
28 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-54253 : Pre-Auth RCE in Adobe AEM Forms on JEE Critical OGNL Injection https://t.co/F0QumJRNpE
@M0roccanX
23 Sept 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploit CVE-2025-54253 in Adobe AEM Forms via Pre-Auth OGNL Injection, enabling full RCE! Patch now & secure debug endpoints. Read more: https://t.co/3FFj3cIMPS #CyberSecurity #CVE2025 #RCE #AdobeAEM #OGNLInjection #RedTeam #FireCompass https://t.co/d19RcZxRhM
@FireCompass
22 Sept 2025
61 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#VulnerabilityReport #AdobeExperienceManager Adobe AEM Forms Patch: Critical Flaws (CVE-2025-54253, CVSS 10.0) Allow RCE & Arbitrary File Read, Public PoCs Available https://t.co/AX06BO5sZR
@Komodosec
11 Sept 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/TEPc1QhYt2 https://t.co/GUpwVtmRqE
@ErcanSah1n
29 Aug 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-38236 2 - CVE-2025-52970 3 - CVE-2025-3305 4 - CVE-2023-44487 5 - CVE-2025-54253 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 Aug 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/6KYxIAYqZQ https://t.co/auKpo5Hu4X
@CloudVirtues
24 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Remote Code Execution in Adobe AEM Forms via CVE-2025-54253 (Struts2 DevMode misconfig: auth bypass + OGNL eval) and CVE-2025-49533 (Insecure Deserialization). Both rated critical, identified in a VDP (now patched). Original research: https://t.co/uJoFgzyDk0 https://t.co/H3SC
@win3zz
24 Aug 2025
8616 Impressions
34 Retweets
179 Likes
72 Bookmarks
1 Reply
0 Quotes
Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/eoIIacnZa8 https://t.co/0BXgkjOSBX
@mayurk21
20 Aug 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/UyMe8z7ka5 https://t.co/8akvjZmIke
@SirajD_Official
20 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe AEM Forms zero-days CVE-2025-54253/542540 fixed: risk of code execution and unauthorized access https://t.co/51vIq06Lwr Two serious zero-day vulnerabilities have been discovered in Adobe Experience Manager Forms JEE. The first, CVE-2025-54253
@iototsecnews
19 Aug 2025
175 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilities in Adobe Experience Manager Forms ❗CVE-2025-54253 ❗CVE-2025-54254 ➡️More info: https://t.co/GolVZ44BLH https://t.co/NtEjWuSABX
@CERTpy
8 Aug 2025
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨We are warning of a critical RCE vulnerability in Adobe Experience Manager, CVE-2025-54253. The vulnerability allows an unauthenticated remote attacker to bypass security measures and execute arbitrary code on the affected device. Exploitation of the vulnerability
@GOVCERT_CZ
7 Aug 2025
759 Impressions
4 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 :CVE-2025-54253(CVSS 10.0): Misconfiguration Allowing Arbitrary Code Execution. CVE-2025-54254:Improper Restriction of XML External Entity Reference (XXE) Allowing Arbitrary File System Read. 🧐Deep Dive : https://t.co/HiCFa3GB7D 📊11.6K Services are found on th
@HunterMapping
7 Aug 2025
2795 Impressions
13 Retweets
34 Likes
12 Bookmarks
1 Reply
0 Quotes
Critical vulnerabilities in Adobe Experience Manager Forms (CVE-2025-54253, CVE-2025-54254) #セキュリティ対策Lab #セキュリティ #Security https://t.co/TsCQ4Q99HQ
@securityLab_jp
7 Aug 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Adobe AEM RCE (CVE-2025-54253)! Zero interaction, full system code exec. Affects ≤6.5.23. Patch ASAP & monitor closely! 🔗https://t.co/es4cErUOkk https://t.co/kKcwF06HBw
@rapidriskradar
6 Aug 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe issues emergency fixes for AEM Forms zero-days after PoCs released Adobe released emergency updates for two critical zero-day vulnerabilities in Adobe Experience Manager (AEM) Forms on JEE—CVE-2025-54253 and CVE-2025-54254—after researchers disclosed a working exploit
@dCypherIO
6 Aug 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨Adobe AEM Forms Vulns Alert CVE-2025-54253 (CVSS: 10): Critical RCE via misconfig, no auth or interaction needed. CVE-2025-54254 (CVSS: 8.6): XXE flaw allows arbitrary file reads, exposing sensitive data. No auth required. Search by vul.cve Filter👉vul.cve="CVE-2025-54
@zoomeye_team
6 Aug 2025
2495 Impressions
10 Retweets
29 Likes
15 Bookmarks
1 Reply
0 Quotes
🚨🚨Adobe AEM Forms Vulns Alert CVE-2025-54253 (CVSS: 10): Critical RCE via misconfig, no auth or interaction needed. CVE-2025-54254 (CVSS: 8.6): XXE flaw allows arbitrary file reads, exposing sensitive data. No auth required. Search by vul.cve Filter👉vul.cve="CVE-2025-54
@zoomeye_team
6 Aug 2025
52 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Adobe issues urgent out-of-band patches for AEM Forms vulnerabilities CVE-2025-54253 and CVE-2025-54254, with public exploit code available. These flaws enable remote code execution and data access. #AEM #Exploit #Japan https://t.co/ZDeP8s0Zyx
@TweetThreatNews
6 Aug 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-54253(CVSS 10.0)Adobe AEM Forms Patch: Critical Flaws allow RCE & Arbitrary File Read, Public PoCs Available 🎯5.2k+Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/gLkkVfaEfB FOFA Query:app="Adobe-Experience-
@fofabot
6 Aug 2025
1971 Impressions
7 Retweets
27 Likes
10 Bookmarks
0 Replies
0 Quotes
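CVE-2025-54253/54254: RCE and more. A PoC is already public. Respond urgently: [Security News] Vulnerabilities in Adobe's form management product, proof-of-concept code also out - emergency patch released (page 1 of 1): Security NEXT https://t.co/RY1nWoKYhR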
@tamosan
6 Aug 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:experience_manager_forms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1449BBE4-7484-4972-8D04-BEC04C159F44",
            "versionEndIncluding": "6.5.23.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]