CVE-2025-54254

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-54254

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54254.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-54254

Withdrawn

2026-05-04T08:49:46.807178Z

Published

2025-08-05T17:15:29.460Z

Modified

2026-05-04T08:49:46.807178Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope is changed. Exploitation of this issue does not require user interaction.

References

https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.5.23.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54254.json"