PT-2025-31950 · Adobe · Experience Manager

Published

2025-08-05

Updated

2025-09-26

CVE-2025-54254

CVSS v3.1

8.6

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

**Name of the Vulnerable Software and Affected Versions**

Adobe Experience Manager versions 6.5.23 and earlier

**Description**

Adobe Experience Manager is susceptible to an Improper Restriction of XML External Entity Reference ('XXE') issue. Successful exploitation of this issue could allow an attacker to read arbitrary files from the file system without requiring user interaction.

**Recommendations**

Update Adobe Experience Manager to a version later than 6.5.23.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

BDU:2025-09480

CVE-2025-54254

Affected Products

Experience Manager

PT-2025-31950 · Adobe · Experience Manager

Weakness Enumeration

Related Identifiers

Affected Products

References · 30