Adobe releases emergency fixes for AEM Forms zero-days after PoCs released


Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated remote code execution on vulnerable instances.

The issues are tracked as CVE-2025-54253 and CVE-2025-54254:

  • CVE-2025-54253: Misconfiguration allowing arbitrary code execution. Rated “Important” with a CVSS score of 8.6.
  • CVE-2025-54254: Improper Restriction of XML External Entity Reference (XXE) allowing arbitrary file system read. Rated “Important” with a maximum-severity 10.0 CVSS score.

Adobe has fixed the issues in the latest versions as described in this advisory.

The vulnerabilities were discovered by Shubham Shah and Adam Kues of Searchlight Cyber, who disclosed them to Adobe on April 28, 2025, together with a third issue, CVE-2025-49533.

Adobe initially patched CVE-2025-49533 on August 5, leaving the other two flaws unfixed for over 90 days.

After warning Adobe of their disclosure timeline, the researchers published a technical write-up on July 29 detailing how the vulnerabilities work and how they can be exploited.

According to the researchers, CVE-2025-49533 is a Java deserialization flaw in the FormServer module that allows unauthenticated remote code execution (RCE). A servlet processes user-supplied data by decoding and deserializing it without validation, letting attackers send malicious payloads to execute commands on the server.

The XXE vulnerability, tracked as CVE-2025-54254, affects a web service that handles SOAP authentication. By submitting a specially crafted XML payload, attackers can trick the service into exposing local files, such as win.ini, without authentication.

Finally, the CVE-2025-54253 flaw is caused by an authentication bypass in the /adminui module combined with a misconfigured developer setting.

The researchers found that Struts2's development mode was left enabled by mistake, allowing attackers to execute OGNL expressions through debug parameters sent in HTTP requests.
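For teams that cannot patch immediately, the two request patterns described above (an XML body declaring an external entity, and debug parameters with OGNL syntax aimed at /adminui) are the things worth alerting on at the reverse proxy or WAF. The following is an added detection example, not code from Adobe or Searchlight Cyber; the indicator regexes, the `debug` parameter name, the SOAP endpoint path and the sample requests are assumptions and constructed data, not signatures from the advisory.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Indicator patterns. Generic XXE and Struts2/OGNL markers chosen for this
# example (assumptions), not signatures published with the advisory.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
EXT_ENTITY_RE = re.compile(r"<!ENTITY\b[^>]*\b(SYSTEM|PUBLIC)\b", re.IGNORECASE)
OGNL_RE = re.compile(r"[%$#]\{")        # %{...}, ${...}, #{...} expression syntax
DEBUG_PARAMS = {"debug"}                 # Struts2 DebuggingInterceptor parameter name
ADMIN_PREFIX = "/adminui"                # module named in the researchers' write-up

def inspect_request(method, target, body):
    """Return the indicator names triggered by one HTTP request (target = path + query)."""
    findings = []
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    decoded_query = unquote(parts.query)   # catch percent-encoded OGNL braces
    # CVE-2025-54254 pattern: an XML body that declares an external entity.
    if DOCTYPE_RE.search(body) and EXT_ENTITY_RE.search(body):
        findings.append("xxe-external-entity")
    # CVE-2025-54253 pattern: a debug parameter aimed at the admin UI, which only
    # has an effect when Struts2 devMode has been left enabled.
    if parts.path.startswith(ADMIN_PREFIX) and DEBUG_PARAMS & set(query):
        findings.append("struts-debug-param")
    # OGNL expression syntax in the decoded query string or the body.
    if OGNL_RE.search(decoded_query) or OGNL_RE.search(body):
        findings.append("ognl-expression-syntax")
    return findings

def scan(requests):
    """Map request index -> findings for every request that triggered an indicator."""
    hits = {}
    for i, (method, target, body) in enumerate(requests):
        findings = inspect_request(method, target, body)
        if findings:
            hits[i] = findings
    return hits

# Constructed sample traffic (not captured from a real system). The SOAP endpoint
# path is a placeholder; the advisory does not name it.
SAMPLE_REQUESTS = [
    ("POST", "/soap/services/AUTH-SERVICE-PLACEHOLDER",
     '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e SYSTEM "file:///PLACEHOLDER">]><r>&e;</r>'),
    ("GET", "/adminui/home?debug=on&q=%25%7B1%2B1%7D", ""),
    ("POST", "/soap/services/AUTH-SERVICE-PLACEHOLDER",
     '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body/></soap:Envelope>'),
    ("GET", "/adminui/home", ""),
]
```

Run `scan(SAMPLE_REQUESTS)` to see which of the constructed requests trip an indicator; in practice the same function would be fed decoded requests from a proxy or WAF log rather than the inline samples.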

As the issues allow remote code execution on vulnerable servers, all admins are advised to install the latest updates and hotfixes as soon as possible.

If that's not possible, the researchers strongly recommend restricting access to the platform from the internet.
