VDB
BDU:2025-09420
PUBLISHED
CVSS 10 CRITICAL
Vulnerability in the Adobe Experience Manager content and media management system, related to configuration errors, that allows an attacker to bypass existing security restrictions and execute arbitrary code
Risk Scores
CVSS 2.0
10
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe Systems Inc. | Adobe Experience Manager (AEM) Forms on JEE | |
Exploit Intelligence
- Breaking down CVE-2025-54253 — an Adobe AEM-Forms exploit path from XXE to full remote code execution and its real-world impact. (github-poc)
- CVE-2025-54253 | CVE-2025-54254 | Adobe Experience Manager Forms XXE → RCE Framework (github-poc-repo)
- 🐙 CVE-2025-54253 exploit demo for Adobe AEM Forms on JEE: OGNL injection to RCE with PoC, Python 3.10 exploit code, reproducer and mitigation guidance. (github-poc-repo)
- CVE-2025-54253 | CVE-2025-54254 | Adobe Experience Manager Forms XXE → RCE Framework (github-poc)
- 🐙 CVE-2025-54253 exploit demo for Adobe AEM Forms on JEE: OGNL injection to RCE with PoC, Python 3.10 exploit code, reproducer and mitigation guidance. (github-poc)
- Simulated PoC for CVE-2025-54253: Adobe AEM OGNL Injection Vulnerability (github-poc)
- kev.json (github-poc)
- data.js (github-poc)
- ghost_report_20260112_192608.json (github-poc)
- ghost_report_20260112_175243.json (github-poc)
…and 1 more exploits
Timeline
- Aug 6, 2025 CVE Published
- Oct 17, 2025 CVE Updated
References
- https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
- https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-critical-pre-auth-vulnerabilities-in-adobe-experience-manager-forms/
- https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv