Back to KEVs

CVE-2025-54253

Adobe Experience Manager | Incorrect Authorization (CWE-863)

Basic Information

CVE State
PUBLISHED
Reserved Date
July 17, 2025
Published Date
August 05, 2025
Last Updated
February 26, 2026
Vendor
Adobe
Product
Adobe Experience Manager
Description
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Tags
cisa

CVSS Scores

CVSS v3.1

10.0 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-06-01 10:42:16 UTC) Source

References

https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html

Known Exploited Vulnerability Information

Source Added Date
CVE 2026-06-01 10:42:16 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel