HIGH🇬🇧 English

CVE-2025-54254

CVSS 8.6v3.1pub. 2025-08-05upd. 2025-10-02

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope is changed. Exploitation of this issue does not require user interaction.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • Adobe Experience Manager Forms

    APP
    Adobe
    ≤ 6.5.23.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XXE
CWE
Referencje

Powiązane podatności

CVE-2025-54253CRITICAL10.0⚠ KEVPL ✓ten sam produkt

RCE przez błędną konfigurację w Adobe Experience Manager Forms

CVE-2020-9732CRITICAL9.0ten sam produkt

The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vul...

CVE-2020-9733HIGH7.5ten sam produkt

An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions ...

CVE-2017-3067HIGH7.5ten sam produkt

Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting f...

CVE-2019-8089MEDIUM6.1ten sam produkt

Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successfu...