Adobe has released urgent security patches for two critical vulnerabilities in Adobe Experience Manager Forms (AEM Forms) for which exploit code is publicly available. The flaws could allow attackers to execute arbitrary code or access sensitive files, and users are urged to update immediately.
Key points
- Adobe released out-of-band security updates for AEM Forms vulnerabilities.
- The flaws, CVE-2025-54253 and CVE-2025-54254, have public proof-of-concept code available.
- CVE-2025-54253 stems from a misconfiguration combined with the admin UI's development mode, enabling remote code execution (RCE).
- CVE-2025-54254 stems from insecure XML processing that requires no authentication, allowing an attacker to read data.
- Searchlight Cyber initially reported these issues, highlighting their simplicity and long-standing presence.