Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-54253

CRITICAL
Published 2025-08-05T16:53:40.742Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-54253. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
10.0
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.

Available Exploits

No exploits available for this CVE.

Related News

Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC

Adobe has released an emergency security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE), which fix two critical vulnerabilities (CVE-2025-54253, CVE-2025-54254) with a publicly available proof-of-concept (PoC) exploit. Details abou…

Help Net Security 2025-08-06 13:25
Read More

Affected Products

Adobe

Adobe Experience Manager

Affected Versions:

0

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.

Affected Products (ENISA)

adobe
adobe experience manager

ENISA Scoring

CVSS Score (3.1)

10.0
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.700
probability

ENISA References

https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html

Data provided by ENISA EU Vulnerability Database. Last updated: August 7, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-7mcc-8f7p-x6v7

Advisory Details

Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-54253
WEB https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
WEB https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-critical-pre-auth-vulnerabilities-in-adobe-experience-manager-forms

Advisory provided by GitHub Security Advisory Database. Published: August 5, 2025, Modified: August 6, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

4 posts
Reddit 1 week, 6 days ago
crstux
Exploit

🔥 Top 10 Trending CVEs (26/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-55746](https://nvd.nist.gov/vuln/detail/CVE-2025-55746)** - 📝 Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows …

Also mentions: CVE-2025-55746 CVE-2025-26496 CVE-2025-43300 CVE-2025-9074 CVE-2025-52970 CVE-2025-49533 CVE-2025-38236 CVE-2025-5419 CVE-2025-32433
2
2.0
View Original High Risk
Reddit 2 weeks ago
crstux
Exploit PoC

🔥 Top 10 Trending CVEs (25/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-54253](https://nvd.nist.gov/vuln/detail/CVE-2025-54253)** - 📝 Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass …

Also mentions: CVE-2025-43300 CVE-2025-9074 CVE-2025-52970 CVE-2025-49533 CVE-2025-38236 CVE-2025-21479 CVE-2025-32433 CVE-2024-36401
1
1.0
View Original High Risk
Reddit 3 weeks, 5 days ago
lubyruffy
Exploit

Adobe Experience Manager Forms on JEE Zero-day Vulnerabilities (CVE-2025-54253 & CVE-2025-54254)

1
1.0
View Original High Risk
Reddit 1 month ago
manoflick

Adobe has put out a security bulletin stating that Adobe Experience Manager (AEM) Forms on JEE version 6.5.23.0 and earlier is vulnerable to a CVE-10 and CVE-8.6 class vulnerabilities The 10 is CVE-2025-54253 And the 8.6 is CVE-2025-54254

14
14.0
View Original

References

https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
Published: 2025-08-05T16:53:40.742Z
Last Modified: 2025-08-05T17:34:26.574Z
Copied to clipboard!