CISA has added CVE-2025-54253, a misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE), to its Known Exploited Vulnerabilities catalog, thus warning of detected in-the-wild exploitation. Adobe fixed the vulnerability in August 2025, along with CVE-2025-54254, an Improper Restriction of XML External Entity Reference vulnerability in the same solution. But with a proof-of-concept (PoC) exploit for the two flaws having been made public before that, it was only a matter of … More
The post “Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) appeared first on Help Net Security.
