Adobe Experience Manager Forms Deserialization Vulnerability Leading to Arbitrary Code Execution

Vulnerability

A deserialization vulnerability allowing arbitrary code execution has been identified in Adobe Experience Manager (AEM) Forms on JEE, specifically in versions 6.5.23.0 and earlier. This vulnerability arises from the deserialization of untrusted data, and exploitation does not require user interaction.

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the server where AEM Forms is running.

Remediation

Users are advised to update to Adobe Experience Manager (AEM) Forms on JEE version 6.5.0.0.20250527.0. Update instructions are available on the Adobe Experience League website.

Added: Jul 9, 2025, 12:23 AM
Updated: Jul 9, 2025, 12:23 AM

Vulnerability Rating

Custom Algorithm

  spread         3.1
  impact        10.0
  exploitability 7.4
  remediation    7.7
  relevance      0.3
  threat         1.5
  urgency        2.9
  incentive      5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.