PT-2025-31950 · Adobe · Experience Manager
Published
2025-08-05
·
Updated
2025-10-02
·
CVE-2025-54254
CVSS v3.1
8.6
High
| AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Adobe Experience Manager versions 6.5.23 and earlier
Description
Adobe Experience Manager is susceptible to an Improper Restriction of XML External Entity Reference ('XXE') issue. Successful exploitation of this issue could allow an attacker to read arbitrary files from the file system without requiring user interaction.
Recommendations
Update Adobe Experience Manager to a version later than 6.5.23.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Experience Manager