PT-2025-28765 · Adobe · Experience Manager

Published

2025-07-08

Updated

2025-09-04

CVE-2025-49533

CVSS v2.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:

Adobe Experience Manager (MS) versions 6.5.23.0 and earlier

Description:

The vulnerability relates to flaws in the deserialization mechanism within Adobe Experience Manager (AEM) Forms on JEE. Exploitation could allow a remote attacker to execute arbitrary code. Exploitation of this issue does not require user interaction.

Recommendations:

Update to a version later than 6.5.23.0.

Fix

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

BDU:2025-08732

CVE-2025-49533

Affected Products

Experience Manager

PT-2025-28765 · Adobe · Experience Manager

Weakness Enumeration

Related Identifiers

Affected Products

References · 16