CVE-2025-54254

Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)

Description

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope is changed. Exploitation of this issue does not require user interaction.

INFO

Published Date :

2025-08-05T16:53:39.954Z

Last Modified :

2025-08-22T16:33:26.932Z

Source :

adobe

AFFECTED PRODUCTS

The following products are affected by CVE-2025-54254 vulnerability.

Vendors	Products
Adobe	Experience Manager Experience Manager Forms

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54254.

URL	Resource
https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact