Adobe issues emergency fixes for AEM zero-days after PoC is released

Adobe has released an emergency update for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a proof-of-concept (PoC) exploit chain was disclosed.

The defects are tracked as CVE-2025-54253 and CVE-2025-54254.

  • CVE-2025-54253: Misconfiguration that allows arbitrary code execution. It was rated as "Critical" with a CVSS score of 8.6.
  • CVE-2025-54254: Improper restriction of XML External Entity Reference (XXE) that allows arbitrary file system reads. Rated "Critical" with the maximum CVSS score of 10.0.

Adobe has fixed the flaws in the latest version, as explained in its advisory.

The vulnerabilities were discovered by Shubham Shah and Adam Kues of Searchlight Cyber, who disclosed them to Adobe on April 28, 2025.

Adobe first patched CVE-2025-49533 on August 5th, and for more than 90 days the other two flaws remained unfixed.

After warning Adobe about their disclosure timeline, the researchers published a technical article on July 29th detailing how the vulnerabilities work and how they can be exploited.

According to the researchers, CVE-2025-49533 is a flaw in the Java deserialization performed by a Forms server module that allows unauthenticated remote code execution (RCE). The servlet processes user-supplied data by decoding and deserializing it without validation, allowing an attacker to send malicious payloads that execute commands on the server.

The XXE vulnerability tracked as CVE-2025-54254 affects web services that handle SOAP authentication. By sending a specially crafted XML payload, an attacker can trick the service into exposing local files such as win.ini without authentication.
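The standard defence against the XXE class of bug described above is to refuse any DOCTYPE or entity declaration before the document reaches the SOAP handler, since a SOAP envelope never legitimately needs a DTD (this is what the Java `disallow-doctype-decl` parser feature does). The following pre-parse guard is an added example written for this article, not code from Adobe, AEM Forms or Searchlight Cyber; the SOAP envelopes and the `file:///path/to/local/file` reference are constructed placeholders.

```python
"""Added example (not from the article, Adobe or the researchers): reject XML
that declares a DOCTYPE or any entity before a SOAP handler ever parses it."""
import xml.parsers.expat


class UnsafeXmlError(ValueError):
    """Raised when a document declares a DOCTYPE or an entity."""


def assert_no_doctype_or_entities(xml_bytes: bytes) -> None:
    """Abort parsing as soon as a DOCTYPE or entity declaration is seen.

    Without a DTD there is nothing for the parser to resolve, so external
    entities (the mechanism behind XXE file reads) cannot be declared at all.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXmlError(f"DOCTYPE {name!r} is not allowed in a SOAP request")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXmlError(f"entity {name!r} is not allowed in a SOAP request")

    # expat invokes these callbacks while parsing the prologue, before any
    # entity reference in the body could be expanded.
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(xml_bytes, True)


def is_safe_soap_body(xml_bytes: bytes) -> bool:
    """True only for well-formed XML with no DOCTYPE and no entity declarations."""
    try:
        assert_no_doctype_or_entities(xml_bytes)
    except UnsafeXmlError:
        return False
    except xml.parsers.expat.ExpatError:
        return False  # malformed XML is rejected too
    return True


# Constructed sample payloads for this example.
SAFE_ENVELOPE = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><login><user>alice</user></login></soap:Body>
</soap:Envelope>"""

# Textbook XXE shape: an external entity whose value is a local file.
# The file path is a placeholder, not a real target.
XXE_ENVELOPE = b"""<?xml version="1.0"?>
<!DOCTYPE login [ <!ENTITY ext SYSTEM "file:///path/to/local/file"> ]>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><login><user>&ext;</user></login></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print("safe envelope accepted:", is_safe_soap_body(SAFE_ENVELOPE))
    print("XXE envelope accepted:", is_safe_soap_body(XXE_ENVELOPE))
```

Run the guard on the raw request body before the real parser sees it; because the check raises on the declaration itself, the rejected document is never fully parsed and no entity is ever resolved.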

Finally, the CVE-2025-54253 flaw is caused by an authentication bypass in the /adminui module combined with an incorrect developer configuration.

The researchers found that Struts2's development mode was incorrectly enabled, allowing attackers to execute OGNL expressions via debug parameters sent in HTTP requests.
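Until the hotfix is applied, the `debug` query parameter the article mentions is a practical thing to hunt for in web-server access logs, because Struts2 development mode only honours it when it is enabled and a normal client never sends it. The scanner below is an added example written for this article, not a tool from Adobe or the researchers; it assumes Combined Log Format and the log lines (addresses, timestamps and the `/adminui/index.html` and `/forms/render.html` paths) are constructed.

```python
"""Added example (not from the article): flag access-log requests that carry a
Struts2 'debug' query parameter, wherever they are sent."""
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip - user [time] "METHOD target HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def suspicious_debug_request(line: str) -> Optional[dict]:
    """Return details of the request if its query string names a 'debug' parameter."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qs percent-decodes parameter names, so an encoded name such as
    # %64ebug is still recognised as 'debug'.
    query = parse_qs(parts.query, keep_blank_values=True)
    if "debug" not in query:
        return None
    return {
        "ip": m.group("ip"),
        "time": m.group("time"),
        "method": m.group("method"),
        "path": parts.path,
        "debug": query["debug"],
        "status": int(m.group("status")),
    }


def scan(lines) -> list:
    """Return one record per log line that carries a 'debug' parameter."""
    return [hit for hit in map(suspicious_debug_request, lines) if hit]


# Constructed sample log lines for this example.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Aug/2025:12:01:03 +0000] "GET /adminui/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Aug/2025:12:01:09 +0000] "GET /adminui/index.html?debug=xml HTTP/1.1" 200 4120 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Aug/2025:12:02:40 +0000] "GET /forms/render.html?%64ebug=console HTTP/1.1" 403 0 "-" "curl/8.0"',
    '10.0.0.9 - - [10/Aug/2025:12:03:00 +0000] "POST /adminui/login HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['method']} {hit['path']} debug={hit['debug']} status={hit['status']}")
```

Access logs only record the query string, so a `debug` parameter sent in a POST body will not show up here; a reverse proxy or WAF that logs request bodies is needed to cover that path, and the durable fix remains disabling development mode and applying Adobe's update.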

It is recommended that all administrators install the latest updates and hotfixes as soon as possible, as the flaws allow remote code execution on vulnerable servers.

If that is not possible, the researchers strongly recommend restricting access to the platform from the Internet.
