AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdobe Experience Manager
APPAdobe≤ 6.5.10.0Adobe Experience Manager Cloud Service
APPAdobewszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XXE
Related vulnerabilities
CVE-2026-34691CRITICAL9.3PL ✓ten sam produkt
Stored XSS w Adobe Experience Manager Forms JEE – krytyczna podatność
CVE-2025-64538CRITICAL9.3PL ✓ten sam produkt
DOM-based XSS w Adobe Experience Manager — możliwe RCE i przejęcie sesji
CVE-2025-64537CRITICAL9.3PL ✓ten sam produkt
DOM-based XSS w Adobe Experience Manager umożliwiający RCE
CVE-2025-64539CRITICAL9.3PL ✓ten sam produkt
DOM-based XSS w Adobe Experience Manager umożliwiający RCE
CVE-2025-49533CRITICAL9.8PL ✓ten sam produkt
RCE przez deserializację niezaufanych danych w Adobe Experience Manager