[CDP-development] TLP:GREEN (Zero-Day Vulnerability Alert Notification) CVE-2025-54253: Adobe Experience Manager Forms Code Execution Vulnerability
ESO_SOC * DAS
ESO.SOC at das.oregon.gov
Wed Oct 15 12:15:23 PDT 2025
Good afternoon,
The SOC Services team is reporting on the following vulnerability: CVE-2025-54253, Adobe Experience Manager Forms Code Execution Vulnerability. Due to its high visibility, we are providing this in-depth information:
History: On August 5, 2025, Adobe published security bulletin APSB25-82 covering this vulnerability: Adobe Experience Manager Forms Code Execution Vulnerability. Adobe has assigned it a CVSSv3 base score of 10.0. NIST has yet to classify the vulnerability and apply its own CVSSv3 score as of today's date.
Affected versions:
* Adobe Experience Manager (AEM) Forms on JEE 6.5.23.0 and earlier
Fixed versions:
* Adobe Experience Manager (AEM) Forms on JEE 6.5.0-0108
Additional information can be found on the vendor's website: https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
Intelligence: As of October 15, 2025, CISA has confirmed the vulnerability as being exploited in the wild and has added it to the Known Exploited Vulnerabilities Catalog.
User Interaction: None
Exploitability: Network attack vector, low attack complexity
Exploit Maturity: Proof of Concept (PoC)
Remotely Exploitable: Yes
Proof of Concept Available: Yes
Zero Day: Yes
Workarounds: There are no workarounds for this vulnerability at this time.
How it works: Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23.0 and earlier are affected by a misconfiguration vulnerability that can result in arbitrary code execution.
Post-Exploit: An attacker who successfully exploits this vulnerability can bypass security mechanisms and execute arbitrary code on the affected server. Exploitation does not require user interaction.
As of October 15, 2025, Tenable has released the following plugin for the vulnerability:
Plugin ID: 243980 (https://www.tenable.com/plugins/nessus/243980)
Plugin Name: Adobe Experience Manager 6.0.0.0 < 6.5.24.0 Multiple Vulnerabilities (APSB25-82)
Severity: Critical
VPR / VPR Beta: 9.2 (Critical) / 8.0 (High)
Platform: Nessus
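To check an asset inventory against the version ranges above (Adobe: 6.5.23.0 and earlier affected; Tenable plugin 243980: 6.0.0.0 up to but not including 6.5.24.0), here is an added Python triage example written for this notice. It is not Adobe, Tenable or SOC Services tooling. The sample hosts are constructed, and the Host.fix_ids field is an assumption about what your inventory records; the fixed-version identifier 6.5.0-0108 does not follow the four-part dotted form of the affected versions, so the parser refuses to compare it as a version rather than silently mis-ranking it.

```python
"""Triage an AEM Forms on JEE inventory against the CVE-2025-54253 affected range.

Added example, not vendor or SOC tooling. Boundaries come from the advisory text:
Adobe lists 6.5.23.0 and earlier as affected, Tenable plugin 243980 checks
6.0.0.0 <= version < 6.5.24.0. The inventory at the bottom is constructed.
"""
from dataclasses import dataclass

AFFECTED_FLOOR = (6, 0, 0, 0)      # lowest version Tenable's plugin treats as in range
FIRST_UNAFFECTED = (6, 5, 24, 0)   # 6.5.23.0 and earlier affected, so fixed from here
FIX_IDENTIFIER = "6.5.0-0108"      # Adobe's fixed-version identifier from APSB25-82


def parse_version(text: str) -> tuple:
    """Turn '6.5.23.0' or '6.5.23' into a 4-tuple of ints, right-padded with zeros.

    Anything that is not 1-4 dot-separated integers raises ValueError, so a label
    such as '6.5.0-0108' is surfaced for manual review instead of being compared.
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def is_affected_version(text: str) -> bool:
    """True when the version lies in [6.0.0.0, 6.5.24.0)."""
    return AFFECTED_FLOOR <= parse_version(text) < FIRST_UNAFFECTED


@dataclass
class Host:
    name: str
    product: str
    version: str
    fix_ids: tuple = ()   # patch identifiers recorded by the inventory (assumed field)


def triage(hosts) -> dict:
    """Map each host name to a triage status string.

    A version check alone cannot prove Adobe's fix is installed when the fix is
    tracked by an identifier rather than a new dotted product version, so a host
    on an affected version is only downgraded to 'confirm on host' when the
    inventory records FIX_IDENTIFIER for it.
    """
    out = {}
    for h in hosts:
        if h.product != "AEM Forms on JEE":
            out[h.name] = "out of scope"
            continue
        try:
            affected = is_affected_version(h.version)
        except ValueError:
            out[h.name] = "unknown version, check manually"
            continue
        if not affected:
            out[h.name] = "not affected"
        elif FIX_IDENTIFIER in h.fix_ids:
            out[h.name] = "affected version, fix recorded, confirm on host"
        else:
            out[h.name] = "VULNERABLE, check for compromise then patch"
    return out


# Constructed sample inventory (not real hosts).
SAMPLE_HOSTS = [
    Host("forms-prod-01", "AEM Forms on JEE", "6.5.23.0"),
    Host("forms-prod-02", "AEM Forms on JEE", "6.5.23.0", fix_ids=("6.5.0-0108",)),
    Host("forms-dev-01", "AEM Forms on JEE", "6.5.21"),
    Host("forms-new-01", "AEM Forms on JEE", "6.5.24.0"),
    Host("forms-legacy", "AEM Forms on JEE", "6.5.0-0108"),
    Host("sites-prod-01", "AEM Sites", "6.5.23.0"),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_HOSTS).items():
        print(f"{name:15} {status}")
```

Hosts reported as VULNERABLE should be checked for signs of compromise before the patch is applied, per the recommended actions below; a host whose version string cannot be parsed is deliberately not marked safe.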
Recommended Actions:
* Verify that the host has not been compromised before applying patches.
* Apply appropriate updates provided by the vendor to vulnerable systems after testing.
* Run all software as a non-privileged user to reduce the impact of a successful attack.
* Apply the Principle of Least Privilege to all systems and services.
Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503)373-0378