Faculty of Cybersecurity Technology

CISA Adds Critical Adobe Experience Manager Flaw to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Adobe Experience Manager (AEM) Forms to its Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation. CVE-2025-54253 (CVSS 10.0) allows arbitrary code execution due to a misconfiguration in the /adminui/debug servlet, which evaluates user-supplied OGNL expressions without authentication or validation. Affected versions include AEM Forms on JEE 6.5.23.0 and earlier; Adobe patched the flaw in version 6.5.0-0108 in August 2025, alongside CVE-2025-54254 (CVSS 8.6), an XML external entity (XXE) vulnerability. Researchers from Searchlight Cyber described CVE-2025-54253 as an authentication-bypass-to-RCE chain. No public reports of active attacks exist, but proof-of-concept code is available. Federal Civilian Executive Branch agencies are advised to apply the updates by November 5, 2025. The addition follows CISA's KEV listing of SKYSEA Client View's improper authentication vulnerability (CVE-2016-7836, CVSS 9.8).
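Because the weakness is a debug servlet reachable without authentication, the first question a defender asks is whether that path has been requested on their AEM Forms instance. The script below is an added example, not part of this summary or of Adobe's or CISA's material: it parses web-server access logs in the common combined format, flags any request to /adminui/debug (the path named above), and counts, per source address, the requests that were actually served rather than denied. The log lines are constructed for the example; the query-string parameter name is a placeholder, not a real AEM parameter.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample access-log lines (NCSA combined format). They are not
# traffic from any real system; the query-string content is a placeholder.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Oct/2025:09:12:01 +0000] "GET /adminui/debug?expr=PLACEHOLDER HTTP/1.1" 200 512 "-" "curl/8.4"
198.51.100.23 - - [16/Oct/2025:09:12:05 +0000] "GET /content/forms/af/sample.html HTTP/1.1" 200 10231 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Oct/2025:09:12:09 +0000] "POST /adminui/debug HTTP/1.1" 200 64 "-" "python-requests/2.32"
192.0.2.44 - admin [16/Oct/2025:09:13:00 +0000] "GET /adminui/debug HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""

# Fields of interest from a combined-format line: client IP, auth user,
# timestamp, method, request target and HTTP status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Path of the servlet named in the advisory summary above.
DEBUG_SERVLET_PATH = "/adminui/debug"


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Compare on the path only, so query strings and case variants do not
    # hide a hit (case-folding is a deliberate wide net for detection).
    rec["path"] = urlsplit(rec["target"]).path.lower()
    rec["status"] = int(rec["status"])
    return rec


def is_debug_servlet_hit(rec):
    """True if the request targeted the debug servlet or anything beneath it."""
    return rec["path"] == DEBUG_SERVLET_PATH or rec["path"].startswith(
        DEBUG_SERVLET_PATH + "/"
    )


def find_debug_servlet_hits(log_text):
    """All parsed records in log_text that touched the debug servlet."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_debug_servlet_hit(rec):
            hits.append(rec)
    return hits


def served_hits_by_ip(hits):
    """Per-source counts of debug-servlet requests the server answered with 2xx.

    Denied requests (4xx) are worth reviewing too, but a 2xx means the servlet
    was reachable, which is the condition the advisory describes.
    """
    return Counter(h["ip"] for h in hits if 200 <= h["status"] < 300)


if __name__ == "__main__":
    hits = find_debug_servlet_hits(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} user={h["user"]} {h["method"]} {h["target"]} -> {h["status"]}')
    print("served per source:", dict(served_hits_by_ip(hits)))
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; any served request to the debug servlet from an unauthenticated source on an unpatched instance is a finding to escalate, and the path match is a reasonable basis for a WAF or reverse-proxy deny rule while the 6.5.0-0108 update is rolled out.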

16-10-2025