Adobe issued emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a proof-of-concept exploit chain was disclosed that can be used for unauthenticated remote code execution on vulnerable instances.
The flaws are tracked as CVE-2025-54253 and CVE-2025-54254:
- CVE-2025-54253: A misconfiguration allows arbitrary code execution. Rated "Critical" with a CVSS score of 8.6.
- CVE-2025-54254: Improper restriction of XML external entity references (XXE) allows arbitrary file system reads. Rated maximum-severity "Critical" with a CVSS score of 10.0.
Adobe fixed the flaws in the latest versions described in its advisory.
The weaknesses were discovered by Searchlight Cyber's Shubham Shah and Adam Kues, who reported them to Adobe on April 28, 2025 together with a third issue, CVE-2025-49533.
Adobe initially patched CVE-2025-49533 on August 5, leaving the other two flaws unpatched for more than 90 days.
After warning Adobe about their disclosure timeline, the researchers published a technical write-up on July 29 explaining how the weaknesses work and how they can be exploited.
According to the researchers, CVE-2025-49533 is a Java deserialization flaw in the FormServer module that allows unauthenticated remote code execution (RCE). A servlet accepts user-supplied data and decodes and deserializes it without validation, so an attacker can send a malicious payload that executes commands on the server.
The XXE vulnerability, tracked as CVE-2025-54254, affects a web service that handles SOAP authentication. By submitting a specially crafted XML payload, an attacker can trick the service into disclosing local files, such as win.ini, without authentication.
Finally, CVE-2025-54253 is caused by an authentication bypass combined with a misconfigured developer setting.
The researchers found that Struts 2 development mode had been left enabled, allowing attackers to execute OGNL expressions through debug parameters sent in HTTP requests.
Since the flaws allow remote code execution on vulnerable servers, all admins are advised to install the latest updates and hotfixes as soon as possible.
If this is not possible, the researchers strongly recommend restricting Internet access to the AEM Forms instance.