Adobe AEM Forms 0-Day Vulnerability Allows Attackers to Run Arbitrary Code
Adobe has released critical security updates for Adobe Experience Manager (AEM) Forms on Java Enterprise Edition following the discovery of two severe vulnerabilities that could enable attackers to execute arbitrary code and read sensitive files from affected systems.
Critical Security Flaws Discovered
Security researchers Shubham Shah and Adam Kues from Assetnote identified two critical vulnerabilities in Adobe’s enterprise content management platform.
CVE-2025-54253, which scores the maximum 10.0 on the Common Vulnerability Scoring System (CVSS), is a misconfiguration flaw that enables arbitrary code execution.
The second vulnerability, CVE-2025-54254, carries an 8.6 CVSS score and stems from improper restriction of XML External Entity (XXE) references, which allows unauthorized file system access.
The vulnerabilities affect Adobe Experience Manager Forms on JEE version 6.5.23.0 and all earlier versions across all platforms.
| CVE Number | CVE-2025-54254 | CVE-2025-54253 |
| Vulnerability Type | Improper Restriction of XML External Entity Reference (‘XXE’) | Misconfiguration |
| Impact | Arbitrary file system read ... |
Copyright of this story solely belongs to gbhackers.