AI description
CVE-2025-54254 is an XML External Entity (XXE) vulnerability that affects Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier. The vulnerability exists due to improper restrictions on XML external entity references. Successful exploitation could allow a remote, unauthenticated attacker to read sensitive files on the local file system. An attacker can send a specially crafted XML payload to trick the service into exposing local files without authentication.
- Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system; scope is changed. Exploitation of this issue does not require user interaction.
- Source: psirt@adobe.com
- NVD status: Modified
- Products: experience_manager_forms
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
- psirt@adobe.com: CWE-611
- Hype score: Not currently trending
Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/eoIIacnZa8 https://t.co/0BXgkjOSBX
@mayurk21
20 Aug 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent vulnerabilities affecting Adobe Experience Manager (CVE-2025-54253 / CVE-2025-54254 / CVE-2025-49533) https://t.co/UyMe8z7ka5 https://t.co/8akvjZmIke
@SirajD_Official
20 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilities in Adobe Experience Manager Forms ❗CVE-2025-54253 ❗CVE-2025-54254 ➡️More info: https://t.co/GolVZ44BLH https://t.co/NtEjWuSABX
@CERTpy
8 Aug 2025
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 :CVE-2025-54253(CVSS 10.0): Misconfiguration Allowing Arbitrary Code Execution. CVE-2025-54254:Improper Restriction of XML External Entity Reference (XXE) Allowing Arbitrary File System Read. 🧐Deep Dive : https://t.co/HiCFa3GB7D 📊11.6K Services are found on th
@HunterMapping
7 Aug 2025
2795 Impressions
13 Retweets
34 Likes
12 Bookmarks
1 Reply
0 Quotes
Critical vulnerabilities in Adobe Experience Manager Forms (CVE-2025-54253, CVE-2025-54254) #セキュリティ対策Lab #セキュリティ #Security https://t.co/TsCQ4Q99HQ
@securityLab_jp
7 Aug 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe issues emergency fixes for AEM Forms zero-days after PoCs released Adobe released emergency updates for two critical zero-day vulnerabilities in Adobe Experience Manager (AEM) Forms on JEE—CVE-2025-54253 and CVE-2025-54254—after researchers disclosed a working exploit
@dCypherIO
6 Aug 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨Adobe AEM Forms Vulns Alert CVE-2025-54253 (CVSS: 10): Critical RCE via misconfig, no auth or interaction needed. CVE-2025-54254 (CVSS: 8.6): XXE flaw allows arbitrary file reads, exposing sensitive data. No auth required. Search by vul.cve Filter👉vul.cve="CVE-2025-54
@zoomeye_team
6 Aug 2025
2495 Impressions
10 Retweets
29 Likes
15 Bookmarks
1 Reply
0 Quotes
🚨🚨Adobe AEM Forms Vulns Alert CVE-2025-54253 (CVSS: 10): Critical RCE via misconfig, no auth or interaction needed. CVE-2025-54254 (CVSS: 8.6): XXE flaw allows arbitrary file reads, exposing sensitive data. No auth required. Search by vul.cve Filter👉vul.cve="CVE-2025-54
@zoomeye_team
6 Aug 2025
52 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Adobe issues urgent out-of-band patches for AEM Forms vulnerabilities CVE-2025-54253 and CVE-2025-54254, with public exploit code available. These flaws enable remote code execution and data access. #AEM #Exploit #Japan https://t.co/ZDeP8s0Zyx
@TweetThreatNews
6 Aug 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
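Two critical zero-day vulnerabilities in Adobe Experience Manager (AEM) Forms on JEE have been urgently patched: CVE-2025-54253 with a CVSS score of 8.6 and CVE-2025-54254 with a CVSS score of 10. PoC (proof-of-concept exploit code) has been published. https://t.co/jtdwf56VR1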
@__kokumoto
5 Aug 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Adobe issued emergency updates for two zero-day vulnerabilities in AEM Forms, CVE-2025-54253 and CVE-2025-54254, enabling remote code execution and unauthorized file access; immediate action is recommended. #Security https://t.co/DigkE08ZWf
@Strivehawk
5 Aug 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54254 XXE Vulnerability in Adobe Experience Manager 6.5.23 Enables Arbitrary File Read https://t.co/eTVx30r89p
@VulmonFeeds
5 Aug 2025
115 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-54254: HIGH] ⚠️ Vulnerability alert: Adobe Experience Manager versions 6.5.23 and earlier exposed to XXE flaw. Attackers could access sensitive files without user interaction! Keep systems secure.#cve,CVE-2025-54254,#cybersecurity https://t.co/2btWvyL75S https://t.c
@CveFindCom
5 Aug 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54254 Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to… https://t.co/pxcf1Sjd2o
@CVEnew
5 Aug 2025
297 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:experience_manager_forms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1449BBE4-7484-4972-8D04-BEC04C159F44",
            "versionEndIncluding": "6.5.23.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]