- 175/2025
- Critical
Adobe has released security updates to fix two vulnerabilities affecting Adobe Experience Manager.
The addressed vulnerabilities could allow the remote attacker to obtain sensitive information or execute arbitrary code and gain access to the affected product.
The addressed vulnerabilities:
1. Adobe Experience Manager Code Execution Vulnerability (CVE-2025-54253):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Adobe Experience Manager Improper Restriction of XML External Entity Reference Vulnerability (CVE-2025-54254):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
It should be highlighted that Adobe is aware that the vulnerabilities “CVE-2025- 54253” and “CVE-2025-54254” have a publicly available proof-of-concept.
Vulnerabilities
- CVE-2025-54253
- CVE-2025-54254
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.