Sign In

CVE-2025-54252

📊 5.4 MEDIUM0.0%🎯 0 exploits
📅 Published Sep 9, 2025
📋 Status: Analyzed

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypassing security features within the application. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.

🎯 Affected Products & Systems

4 product configurations affected

Filter by type:
📱
Vulnerable
Version: ≤ 6.5.23.0
CPE:
cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*
📱
Vulnerable
Version: ≤ 2025.8.0
CPE:
cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*
📱
Vulnerable
Version: 6.5
CPE:
cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*
📱
Vulnerable
Version: 6.5
CPE:
cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*
Metrics
5.4 MEDIUMCVSS v3.1[email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
LOW
User Interaction:
REQUIRED
Confidentiality:
LOW
Integrity:
LOW
Availability:
NONE
Scope:
CHANGED

🔍 Technical Details

Analysis Status
Analyzed
CVSS Details
5.4 (MEDIUM)v3.1
Source: [email protected]
EPSS Details
0.0% (Minimal)13.7th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Sep 9, 2025 (1 month ago)
Last Modified
Sep 12, 2025 (1 month ago)
Security Weaknesses1
References2