Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-23647 Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 17 Oct 2025 12:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 16 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-16

Thu, 16 Oct 2025 18:30:00 +0000

Type Values Removed Values Added
Title Adobe Experience Manager | Misconfiguration (CWE-16) Adobe Experience Manager | Incorrect Authorization (CWE-863)
Weaknesses CWE-863

Wed, 15 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-10-16T00:00:00+00:00', 'dueDate': '2025-11-06T00:00:00+00:00'}


Wed, 13 Aug 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe experience Manager Forms
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:adobe:experience_manager_forms:*:*:*:*:*:*:*:*
Vendors & Products Adobe experience Manager Forms

Wed, 06 Aug 2025 13:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 06 Aug 2025 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe experience Manager
Vendors & Products Adobe
Adobe experience Manager

Tue, 05 Aug 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 05 Aug 2025 17:45:00 +0000

Type Values Removed Values Added
Title Adobe Experience Manager | Misconfiguration (sub-domain takeover) (CWE-16) Adobe Experience Manager | Misconfiguration (CWE-16)

Tue, 05 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
Description Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Title Adobe Experience Manager | Misconfiguration (sub-domain takeover) (CWE-16)
Weaknesses CWE-16
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2025-10-16T18:24:37.832Z

Reserved: 2025-07-17T21:15:02.455Z

Link: CVE-2025-54253

cve-icon Vulnrichment

Updated: 2025-08-05T17:54:04.841Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-05T17:15:29.283

Modified: 2025-10-17T12:36:43.973

Link: CVE-2025-54253

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-06T07:50:30Z