CVE-2025-54253— Adobe Experience Manager | Incorrect Authorization (CWE-863)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-54253
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Adobe Experience Manager | Incorrect Authorization (CWE-863)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Adobe Experience Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Adobe Experience Manager(AEM)是美国奥多比(Adobe)公司的一套可用于构建网站、移动应用程序和表单的内容管理解决方案。该方案支持移动内容管理、营销销售活动管理和多站点管理等。 Adobe Experience Manager(AEM)6.5.23及之前版本存在安全漏洞,该漏洞源于配置不当,可能导致任意代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Adobe | Adobe Experience Manager | 0 ~ 6.5.23 | - |
II. Public POCs for CVE-2025-54253
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | CVE-2025-54253 | https://github.com/B1ack4sh/Blackash-CVE-2025-54253 | POC Details |
| 2 | Simulated PoC for CVE-2025-54253: Adobe AEM OGNL Injection Vulnerability | https://github.com/Shivshantp/CVE-2025-54253-Exploit-Demo | POC Details |
| 3 | None | https://github.com/barbaraeivyu/CVE-2025-54253-e | POC Details |
| 4 | 🐙 CVE-2025-54253 exploit demo for Adobe AEM Forms on JEE: OGNL injection to RCE with PoC, Python 3.10 exploit code, reproducer and mitigation guidance. | https://github.com/jm7knz/CVE-2025-54253-Exploit-Demo | POC Details |
| 5 | 🚨 Demonstrate CVE-2025-54253, a critical OGNL injection vulnerability in Adobe AEM Forms, for educational and research purposes. | https://github.com/akujedanjedon/CVE-2025-54253-Exploit-Demo | POC Details |
| 6 | آسیبپذیری بحرانی با شناسه CVE-2025-54253 در محصول Adobe Experience Manager Forms (JEE) شناسایی شده است | https://github.com/25145hg654511135gfhfkr8488r8r8r8r8r/test | POC Details |
| 7 | cve-2025-54253 | https://github.com/25145hg654511135gfhfkr8488r8r8r8r8r/test2 | POC Details |
| 8 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-54253.yaml | POC Details |
| 9 | Breaking down CVE-2025-54253 — an Adobe AEM-Forms exploit path from XXE to full remote code execution and its real-world impact. | https://github.com/AdityaBhatt3010/CVE-2025-54253-Inside-the-Adobe-AEM-Forms-Zero-Day | POC Details |
| 10 | CVE-2025-54253 | https://github.com/Ashwesker/Blackash-CVE-2025-54253 | POC Details |
| 11 | CVE-2025-54253 | https://github.com/Ashwesker/Ashwesker-CVE-2025-54253 | POC Details |
| 12 | CVE-2025-54253 | CVE-2025-54254 | Adobe Experience Manager Forms XXE → RCE Framework | https://github.com/zoomdbz/AEMPWN | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-54253
请登录查看更多情报信息。
Same Patch Batch · Adobe · 2025-08-05 · 3 CVEs total
| CVE-2025-54254 | 8.6 HIGH | Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') ( |
| CVE-2025-46958 | 5.4 MEDIUM | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
IV. Related Vulnerabilities
Same product: Adobe Experience Manager
- CVE-2026-34625
Adobe Experience Manager | Cross-site Scripting (DOM-based X - CVE-2026-34623
Adobe Experience Manager | Cross-site Scripting (DOM-based X - CVE-2026-34624
Adobe Experience Manager | Cross-site Scripting (DOM-based X - CVE-2026-27288
Adobe Experience Manager | Cross-site Scripting (DOM-based X - CVE-2026-27241
Adobe Experience Manager | Cross-site Scripting (Stored XSS)
Same vendor: Adobe
- CVE-2026-34632
Photoshop Installer | CWE-427: Uncontrolled Search Path Elem - CVE-2026-27297
Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (C - CVE-2026-27300
Adobe Framemaker | Access of Uninitialized Pointer (CWE-824) - CVE-2026-27296
Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (C - CVE-2026-27290
Adobe Framemaker | Untrusted Search Path (CWE-426)
Same weakness: CWE-863
- CVE-2026-42571
Privilege Escalation Attack affecting Pelican Web UI - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2025-66170
Apache CloudStack: Any user can list backups that they shoul - CVE-2026-41903
FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifyi
V. Comments for CVE-2025-54253
No comments yet