Adobe Experience Manager Forms on JEE authentication bypass RCE (CVE-2025-54253)
Vulnerability
Summary
CVE-2025-54253 is an actively exploited authentication-bypass flaw in Adobe Experience Manager (AEM) Forms on JEE 6.5.23 and earlier that can let unauthenticated attackers execute arbitrary code on unpatched systems. Adobe released security updates on August 9 after proof-of-concept exploit code had already circulated. CISA later added the issue to its Known Exploited Vulnerabilities Catalog and told FCEB agencies to remediate by November 5.
Related Happenings
CISA KEV listing and FCEB patch order for Ivanti EPMM
Public Sector Action
First: 08.04.2026 21:15
Last: 08.04.2026 21:15
Sources 1
About this happening:
**CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...
Magento Open Source and Adobe Commerce PolyShell unauthenticated RCE flaw
Vulnerability
First: 19.03.2026 22:01
Last: 19.03.2026 22:01
Sources 1
About this happening:
**PolyShell** is a **Magento Open Source** and **Adobe Commerce** vulnerability that can enable **unauthenticated code execution** and **account takeover** across **stable version...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector Action
First: 17.03.2026 07:23
Last: 17.03.2026 07:23
Sources 1
About this happening:
CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
CISA adds two Roundcube flaws to KEV catalog
Public Sector Action
First: 21.02.2026 09:21
Last: 21.02.2026 09:21
Sources 1
About this happening:
**CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...
CISA KEV multi-product active exploitation wave (CVE-2020-7796)
Exploitation Wave
First: 18.02.2026 08:52
Last: 18.02.2026 08:52
Sources 1
About this happening:
**CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...
Timeline
- 16.10.2025 17:28 · 1 article · 7mo ago
Searchlight Cyber discloses CVE-2025-54253
Initial Disclosure: Adam Kues and Shubham Shah of Searchlight Cyber disclosed CVE-2025-54253 to Adobe on April 28, along with CVE-2025-54254 and CVE-2025-49533. The issue affected Adobe Experience Manager (AEM) Forms on JEE 6.5.23 and earlier.
Sources:
- CISA: Maximum-severity Adobe flaw now exploited in attacks — www.bleepingcomputer.com — 16.10.2025 17:28
- 16.10.2025 17:28 · 1 article · 7mo ago
Searchlight Cyber explains Struts DevMode RCE path
Technical Analysis Update: Searchlight Cyber published a July 29 write-up describing how CVE-2025-54253 works and how it can be exploited. The vulnerability is an authentication bypass that leads to remote code execution via Struts DevMode.
Sources:
- CISA: Maximum-severity Adobe flaw now exploited in attacks — www.bleepingcomputer.com — 16.10.2025 17:28
- 16.10.2025 17:28 · 1 article · 7mo ago
Adobe releases security updates for CVE-2025-54253
Mitigation Patch Update: Adobe released security updates on August 9 to address CVE-2025-54253 after proof-of-concept exploit code was already publicly available.
Sources:
- CISA: Maximum-severity Adobe flaw now exploited in attacks — www.bleepingcomputer.com — 16.10.2025 17:28
- 16.10.2025 03:00 · 2 articles · 7mo ago
CISA adds CVE-2025-54253 to KEV catalog
Legal Policy Action Update: CISA added CVE-2025-54253 to its Known Exploited Vulnerabilities Catalog, warned that attackers are actively exploiting Adobe Experience Manager Forms on JEE 6.5.23 and earlier, and gave Federal Civilian Executive Branch agencies until November 5 to secure their systems under BOD 22-01.
Sources:
- CISA: Maximum-severity Adobe flaw now exploited in attacks — www.bleepingcomputer.com — 16.10.2025 17:28