Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope is changed. Exploitation of this issue does not require user interaction.
History

Fri, 22 Aug 2025 16:45:00 +0000

Type Values Removed Values Added
Description Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction. Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope is changed. Exploitation of this issue does not require user interaction.

Wed, 13 Aug 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe experience Manager Forms
CPEs cpe:2.3:a:adobe:experience_manager_forms:*:*:*:*:*:*:*:*
Vendors & Products Adobe experience Manager Forms

Wed, 06 Aug 2025 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe experience Manager
Vendors & Products Adobe
Adobe experience Manager

Tue, 05 Aug 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 05 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
Description Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.
Title Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
Weaknesses CWE-611
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2025-08-22T16:33:26.932Z

Reserved: 2025-07-17T21:15:02.455Z

Link: CVE-2025-54254

cve-icon Vulnrichment

Updated: 2025-08-05T17:19:17.237Z

cve-icon NVD

Status : Modified

Published: 2025-08-05T17:15:29.460

Modified: 2025-08-22T17:15:32.407

Link: CVE-2025-54254

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-06T07:50:30Z