Adobe has issued emergency updates for critical zero-day vulnerabilities in Adobe Experience Manager Forms, which could allow unauthenticated remote code execution. Security researchers disclosed these flaws after a series of exploit demonstrations, emphasizing the need for immediate patching. #AdobeExperienceManager #ZeroDayExploits
Keypoints
- Two critical vulnerabilities, CVE-2025-54253 and CVE-2025-54254, were patched by Adobe in AEM Forms on JEE.
- The flaws enable unauthenticated remote code execution and file system reading, posing significant security risks.
- Researchers discovered the vulnerabilities and disclosed them after a delayed official patch update.
- The CVE-2025-49533 Java deserialization flaw also contributes to remote code execution threats.
- Administrators are urged to update immediately and restrict internet access if patching isn't possible.