🔴 CVE-2025-54253

Critical misconfiguration vulnerability in Adobe Experience Manager Forms on JEE allowing pre-authentication remote code execution via OGNL injection. The vulnerability requires no user interaction and can be exploited directly over the network against internet-facing AEM instances.

Risk Level: HIGH_RISK
CVSS Score: 10.0
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-08-05

Added to CISA KEV: 2025-10-15 (71 days between CVE publication and KEV listing)

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2025-10-15)

CVE-2025-54253 is a critical misconfiguration vulnerability affecting Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23 and earlier [4][6]. It allows for pre-authentication remote code execution (RCE) via OGNL injection [1][9].

Here's a breakdown of what is known about its exploitation:

  • Internet-facing applications/services: The vulnerability is exposed over the network and is considered internet-facing [3]. Attackers can scan the internet for vulnerable endpoints on port 443 or use tools like Shodan and Censys to find targets [1].
  • Active exploitation in the wild: Adobe's advisory APSB25-82 states that a public proof-of-concept (PoC) exists and that Adobe was not aware of active exploitation at the time of publication [5]. That statement predates the CISA KEV listing of 2025-10-15; CISA adds a CVE to KEV only on evidence of active exploitation, so the advisory's wording should not be read as the current status.
  • Attack vectors and exploitation methods: The vulnerability is triggered by improper configuration within AEM, allowing attackers to bypass security mechanisms and execute arbitrary code [4][3]. This is achieved through OGNL injection, and exploitation requires no user interaction or authentication [3][7].
  • Targeted attacks: Due to the ease of exploitation and potential for automation, CVE-2025-54253 is considered a high-value target that could be used in scaled attacks against multiple AEM instances [2].
  • CISA Known Exploited Vulnerabilities (KEV) status: Added to the CISA KEV catalog on 2025-10-15, 71 days after the CVE was published (see Vulnerability Details above).
  • Technical details about internet exploitability: CVE-2025-54253 has a CVSS score of 10.0, indicating its critical severity [1]. It can be exploited remotely without authentication, making it highly dangerous [8].
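As an added triage example (example code, not part of the original page and not Adobe tooling), the Python below does the two things a defender would want after reading the summary above: it screens an AEM Forms on JEE version string against the advisory's scope (6.5.23.0 and earlier), and it scans web-server access-log lines for generic OGNL expression-injection indicators after fully URL-decoding the request target. The page does not name the vulnerable endpoint, so the path /example/endpoint, the IP addresses and the log lines are constructed; the indicator patterns are generic OGNL constructs (expression delimiters, @class@ static member access, #context objects, Runtime.exec), not a signature taken from any published PoC.

```python
"""Added triage helpers for CVE-2025-54253 (AEM Forms on JEE, pre-auth OGNL injection).

Example code, not Adobe's or the page author's. Endpoint paths and log lines
below are constructed for illustration.
"""
import re
from urllib.parse import unquote

# Scope from the advisory summary above: AEM Forms on JEE 6.5.23.0 and earlier.
LAST_AFFECTED_VERSION = (6, 5, 23, 0)


def parse_version(version: str) -> tuple:
    """Turn '6.5.23.0' or '6.5.22' into a 4-tuple of ints for comparison."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:4]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected_version(version: str) -> bool:
    """True if the reported version falls inside the advisory's affected range.

    Screening only: a 6.5.23.0 instance with the vendor hotfix applied still
    reports the same base version, so hotfix status must be confirmed separately.
    """
    return parse_version(version) <= LAST_AFFECTED_VERSION


# Generic OGNL injection indicators (not a signature from any published PoC).
OGNL_INDICATORS = [
    ("expression-delimiter", re.compile(r"[%$]\{")),    # %{...} or ${...}
    ("static-member-access", re.compile(r"@[\w.]+@")),  # @java.lang.Runtime@...
    ("context-object", re.compile(r"#(?:_memberAccess|context|request|application|session)", re.I)),
    ("process-execution", re.compile(r"getRuntime\(\)\.exec|ProcessBuilder", re.I)),
]

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def url_decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so double-encoded payloads are not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line: str):
    """Return a finding dict if the request target carries OGNL indicators, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    target = url_decode_fully(m.group("target"))
    hits = [name for name, pattern in OGNL_INDICATORS if pattern.search(target)]
    if not hits:
        return None
    return {
        "ip": m.group("ip"),
        "timestamp": m.group("ts"),
        "status": m.group("status"),
        "target": target,
        "indicators": hits,
    }


def scan_log(lines):
    """Scan an iterable of access-log lines and return the findings in order."""
    return [f for f in (scan_line(line) for line in lines) if f]


# Constructed sample log lines (RFC 5737 documentation addresses, placeholder path).
SAMPLE_LOG = [
    '203.0.113.10 - - [15/Oct/2025:10:01:02 +0000] "GET /content/dam/logo.png HTTP/1.1" 200 512',
    # single-encoded  %{(#cmd='id').(@java.lang.Runtime@getRuntime().exec(#cmd))}
    '198.51.100.7 - - [15/Oct/2025:10:01:09 +0000] "POST /example/endpoint?x=%25%7B%28%23cmd%3D%27id%27%29.%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%23cmd%29%29%7D HTTP/1.1" 200 88',
    # double-encoded  ${#_memberAccess=#null}
    '192.0.2.5 - - [15/Oct/2025:10:01:15 +0000] "GET /example/endpoint?q=%2524%257B%2523_memberAccess%253D%2523null%257D HTTP/1.1" 500 0',
    # benign JSON in a query string decodes to {"a":1} and must not fire
    '203.0.113.10 - - [15/Oct/2025:10:01:20 +0000] "GET /api/search?filter=%7B%22a%22%3A1%7D HTTP/1.1" 200 40',
]


if __name__ == "__main__":
    for v in ("6.5.22", "6.5.23.0", "6.5.24.0"):
        print(v, "affected" if is_affected_version(v) else "outside advisory range")
    for finding in scan_log(SAMPLE_LOG):
        print(finding["ip"], finding["status"], finding["indicators"], finding["target"])
```

Two caveats when using this against real data: the version check cannot tell whether the APSB25-82 hotfix has been applied to a 6.5.23.0 instance, and the indicator patterns will miss obfuscated or non-URL-encoded payloads (and can fire on legitimate template syntax), so treat hits as leads for review, not as confirmation of compromise. A 200 response to a request carrying these indicators deserves priority over a 4xx.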

Sources

  1. CVE-2025-54253: Adobe AEM Forms on JEE OGNL

    CVE-2025-54253 is a critical OGNL injection vulnerability (CVSS 10.0) affecting Adobe AEM Forms on JEE, up to version 6.5.23.0. The flaw results ...

  2. CVE-2025-54253: Critical Zero-Day Vulnerability in Adobe Experience...

    This attack chain makes CVE-2025-54253 a high-value target for exploitation, particularly given that it can be automated and scaled against multiple vulnerable AEM instances.

  3. CVE-2025-54253 : Adobe Experience Manager versions 6.5.23 and earlier ...

    Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interact…

  4. Adobe Experience Manager Forms CVE-2025-54253 ...

    No user interaction or authentication required; Exploitation is possible over the network; The root cause is improper configuration within AEM ...

  5. APSB25-82 : Security update available for Adobe AEM Forms

    Adobe is aware that CVE-2025-54253 and CVE-2025-54254 have a publicly available proof-of-concept. Adobe is not aware of these issues being ...