VDB

CVE-2025-54252

CVE-2025-54252 PUBLISHED CVSS 5.400000095367432 MEDIUM

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypassing security features within the application. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.

EPSS 0.04% · 14.2th percentile

Risk Scores

CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.04%
14.2th percentile

Affected Products

VendorProductVersions
AdobeAdobe Experience Manager0
adobeexperience_manager6.5, 0, 0

Timeline

  • Apr 27, 2025 PoC Published
  • Apr 27, 2025 PoC Published
  • Apr 27, 2025 PoC Published
  • Sep 9, 2025 Coalition ESS Score
  • Sep 9, 2025 CVE Published
  • Sep 10, 2025 EPSS Score
  • Sep 10, 2025 PoC Published
  • Sep 11, 2025 Coalition ESS Score
  • Sep 12, 2025 Coalition ESS Score
  • Sep 17, 2025 EPSS Score
  • Sep 25, 2025 EPSS Score
  • Oct 2, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›