CISA Points Out Adobe AEM Flaw Scoring a Perfect 10.0: Under Active Attack Alert
“Another cybersecurity flaw got added to CISA’s known exploited vulnerabilities catalog.”
Based on proof of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a major security issue affecting Adobe Experience Manager to its list of known exploited vulnerabilities (KEVs).
The vulnerability, tracked as CVE-2025-54253 (CVSS score: 10.0), is a maximum-severity misconfiguration issue that can lead to arbitrary code execution.
Adobe
Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and below are affected by the flaw. Version 6.5.0-0108, which was made available in early August 2025, addressed it along with CVE-2025-54254 (CVSS score: 8.6).
FireCompass, Security Company
The /adminui/debug servlet, which evaluates user-supplied OGNL expressions as Java code without requiring authentication or input validation, is the source of the vulnerability.
“By abusing the endpoint, attackers can utilize a single carefully constructed HTTP request to carry out arbitrary system actions.”
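Because the weakness is an unauthenticated servlet at a known path, one practical defensive check while patches roll out is to look for any request reaching /adminui/debug in web-server or reverse-proxy access logs. The script below is an added example written for this article; it is not code from Adobe, FireCompass, or CISA. It assumes combined-format access logs, the sample log lines are constructed, and the two non-debug /adminui/ paths in them are hypothetical. Path normalization (query stripping, percent-decoding, slash collapsing, lower-casing) is included so that trivially obfuscated requests for the same servlet are still matched.

```python
import re

# Constructed sample access-log lines (combined log format). Not real traffic;
# the IPs are documentation ranges and the paths other than /adminui/debug
# are hypothetical.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Oct/2025:10:01:12 +0000] "GET /content/dam/report.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Oct/2025:10:02:44 +0000] "POST /adminui/debug?debug=1 HTTP/1.1" 200 311 "-" "python-requests/2.32"
198.51.100.7 - - [16/Oct/2025:10:02:45 +0000] "GET //adminui/%44ebug HTTP/1.1" 200 280 "-" "python-requests/2.32"
203.0.113.11 - - [16/Oct/2025:10:03:01 +0000] "GET /adminui/status HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Combined log format: client, identd, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

DEBUG_SERVLET = "/adminui/debug"


def normalize_path(target: str) -> str:
    """Reduce a request target to a canonical path for comparison.

    Steps: drop query string and fragment, percent-decode, collapse repeated
    slashes, lower-case. The query string is intentionally discarded so the
    detector keys only on the servlet path, not on any request content.
    """
    path = target.split("?", 1)[0].split("#", 1)[0]
    # Decode %XX sequences (single pass; a double-encoded path would need
    # a second pass, which is a deliberate simplification here).
    path = re.sub(r"%([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), path)
    path = re.sub(r"/+", "/", path)
    return path.lower()


def is_debug_servlet_path(path: str) -> bool:
    """True if the normalized path addresses the /adminui/debug servlet.

    Matches the exact path or the path followed by a '/', '.', or ';' so that
    suffixes and selectors on the same servlet are still flagged, while other
    /adminui/ resources are not.
    """
    norm = normalize_path(path)
    if norm == DEBUG_SERVLET:
        return True
    return norm.startswith(DEBUG_SERVLET) and norm[len(DEBUG_SERVLET)] in "/.;"


def parse_line(line: str):
    """Parse one access-log line; returns a dict or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "path": normalize_path(m.group("target")),
        "status": int(m.group("status")),
    }


def find_debug_servlet_hits(log_text: str) -> list:
    """Return every parsed request that reached the debug servlet."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_debug_servlet_path(rec["path"]):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_debug_servlet_hits(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} {hit["path"]} -> {hit["status"]}')
```

On a patched or properly restricted instance, any hit this reports is worth investigating; a 200 response to an unauthenticated client on this path is the condition the advisory describes. The detector deliberately inspects only the path, not request bodies or parameters.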
Although Adobe acknowledged in its advisory that “CVE-2025-54253 and CVE-2025-54254 have a publicly available proof-of-concept,” no details on how the weakness is being exploited in real-world attacks are publicly available at this time.
In light of the active exploitation, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the required fixes by November 5, 2025.

The development comes a day after CISA also added a critical improper authentication vulnerability in SKYSEA Client View (CVE-2016-7836, CVSS score: 9.8) to the KEV catalog.
Japan Vulnerability Notes (JVN), Advisory
In a late-2016 advisory, Japan Vulnerability Notes (JVN) stated that “attacks exploiting this vulnerability have been observed in the wild.”
An improper authentication vulnerability in SKYSEA Client View permits remote code execution through an error in processing authentication on the TCP connection with the management console application.
About The Author
Suraj Koli is a content specialist in technical writing about cybersecurity and information security. He has written many articles on cybersecurity concepts, covering the latest trends in cyber awareness and ethical hacking.