Emergency Security Bulletin: Multiple Adobe AEM Vulnerabilities


By: RedLegg's Cyber Threat Intelligence Team

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.

VULNERABILITIES

Adobe Experience Manager Misconfiguration Remote Code Execution Vulnerability

CVSS Score: 10.0 (Critical)
Identifier: CVE-2025-54253
Exploit or POC: Yes – proof-of-concept details have been published by researchers; Adobe reports no known in-the-wild exploitation
Update: CVE-2025-54253 – Adobe Security Advisory

Description: CVE-2025-54253 is a critical misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on JEE, affecting version 6.5.23 and earlier. The vulnerability stems from a misconfigured developer mode that allows attackers to bypass authentication in the /adminui module and execute arbitrary code. Specifically, with Struts2 development mode enabled, attackers can send OGNL expressions via debug parameters in HTTP requests to execute remote code. Exploitation requires no user interaction, and the CVSS scope is Changed, meaning the impact extends beyond the vulnerable component itself.

Mitigation Recommendation:
Apply the update released in Adobe's latest security bulletin APSB25-82 immediately for AEM Forms JEE.
Disable Struts2 development mode in production environments.
Restrict network access to AEM admin interfaces, especially in non-development settings.
Monitor logs for suspicious debug parameter use or OGNL-style payloads.

Adobe Experience Manager Forms XXE (XML External Entity) Information Disclosure Vulnerability

CVSS Score: 8.6 (High)
Identifier: CVE-2025-54254
Exploit or POC: Yes – publicly available proof-of-concept released by researchers; Adobe reports no known in-the-wild exploitation
Update: CVE-2025-54254 – Adobe Security Advisory

Description: CVE-2025-54254 is a high-severity XML External Entity (XXE) vulnerability within Adobe Experience Manager (AEM) Forms on JEE, affecting version 6.5.23 and earlier. The flaw arises from insufficient XML input handling in a SOAP-based authentication web service, allowing an attacker to craft malicious XML payloads that cause the system to read local files. Sensitive data such as win.ini and other internal configuration files may be exposed without any authentication or user interaction.

Mitigation Recommendation:
Apply the AEM Forms patch released in Adobe Security Bulletin APSB25-82 immediately.
If patching is delayed, restrict external access to SOAP and AEM management endpoints.
Implement network segmentation and strict access control to AEM environments.
Monitor logs for anomalous XML payload activity and attempted access to sensitive files.
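The log-monitoring recommendations for both CVEs (suspicious debug parameter use and OGNL-style payloads for CVE-2025-54253, anomalous XML entity payloads for CVE-2025-54254) can be turned into a single detection pass over request logs. The Python below is an added example written for this bulletin, not RedLegg's or Adobe's code. The log line format, the /soap/services/example-auth endpoint, the client addresses and the 10.0.0.0/8 trusted admin range are assumptions; the /adminui path and win.ini come from the bulletin, and every sample line is constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines (not from any real AEM deployment). Assumed format:
#   <client_ip> <method> <path?query> <status> body=<request body excerpt or ->
# Access logs normally omit bodies; this assumes a proxy or WAF that records an excerpt.
SAMPLE_LOG = [
    "10.0.0.5 GET /content/forms/af/demo.html 200 body=-",
    "10.0.0.9 POST /adminui/login 200 body=username=alice",
    "203.0.113.7 GET /adminui/?debug=xml 200 body=-",
    "203.0.113.7 GET /adminui/?debug=command&expression=%25%7B...%7D 200 body=-",
    "198.51.100.3 POST /soap/services/example-auth 500 "
    'body=<?xml version="1.0"?><!DOCTYPE s [<!ENTITY e SYSTEM "file:///C:/Windows/win.ini">]>'
    "<soap:Envelope>&e;</soap:Envelope>",
    "198.51.100.3 POST /soap/services/example-auth 200 "
    "body=<soap:Envelope><user>bob</user></soap:Envelope>",
]

LINE_RE = re.compile(
    r"^(?P<client>\S+) (?P<method>\S+) (?P<target>\S+) (?P<status>\d{3}) body=(?P<body>.*)$"
)
# OGNL expression delimiters, checked after URL-decoding of parameter values.
OGNL_RE = re.compile(r"[%$]\{")
# An internal DTD subset declaring an external (SYSTEM/PUBLIC) general or parameter entity.
XXE_RE = re.compile(r"<!DOCTYPE[^>]*\[.*<!ENTITY\s+%?\s*\w+\s+(SYSTEM|PUBLIC)", re.S | re.I)
# Assumed network from which admin-interface access is expected.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def classify_request(client, target, body):
    """Return the list of detection rule names that fire for one request."""
    findings = []
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)

    # Struts2 DebuggingInterceptor is driven by a 'debug' request parameter;
    # it should never appear against a production AEM instance.
    if "debug" in params:
        findings.append("struts2-debug-parameter")

    # OGNL markers in any decoded parameter value or in the body excerpt.
    values = [v for vals in params.values() for v in vals]
    if any(OGNL_RE.search(v) for v in values) or OGNL_RE.search(body):
        findings.append("ognl-expression")

    # External entity declaration in an XML/SOAP body.
    if XXE_RE.search(body):
        findings.append("xxe-external-entity")

    # Admin interface reached from outside the trusted range.
    if parts.path.startswith("/adminui"):
        ip = ipaddress.ip_address(client)
        if not any(ip in net for net in TRUSTED_NETS):
            findings.append("adminui-external-client")

    return findings


def scan_lines(lines):
    """Parse log lines and return one hit record per line that triggers a rule."""
    hits = []
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # malformed line: skip rather than crash the scan
        rules = classify_request(match["client"], match["target"], match["body"])
        if rules:
            hits.append(
                {"client": match["client"], "target": match["target"], "rules": rules}
            )
    return hits


if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOG):
        print(f"{hit['client']} {hit['target']} -> {', '.join(hit['rules'])}")
```

The debug-parameter and OGNL rules are the log-side counterpart of the configuration fix: Struts2 development mode is controlled by the `struts.devMode` constant, which must be `false` in production. The XXE rule keys on the entity declaration shape rather than on a specific file name, so it also catches attempts against files other than win.ini; because it needs the request body, it only works on a log source that records bodies.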