Adobe Experience Manager Incorrect Authorization Vulnerability Allowing Security Feature Bypass

Vulnerability

An incorrect authorization vulnerability has been identified in Adobe Experience Manager (AEM) versions 6.5.23.0 and earlier. The flaw stems from improper validation of user permissions: an attacker who already holds a low-privileged account can bypass the intended access checks and obtain write access that the account should not have, allowing content or settings to be modified without authorization.

Impact

Successful exploitation grants a low-privileged attacker unauthorized write access, allowing modification of content or settings within the application. The advisory describes the impact as a security feature bypass rather than code execution.

Remediation

Users are advised to update to Adobe Experience Manager 6.5.23 and apply the GRANITE-61551 hotfix, or to move to AEM as a Cloud Service release 2025.9. For assistance with AEM versions 6.4, 6.3, and 6.2, which are no longer on the regular patch cadence, contact Adobe customer care.
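The following triage helper is an added example and is not part of this advisory or of Adobe's tooling. It encodes the affected range stated above (on-premise 6.5.23.0 and earlier; fixed by 6.5.23 plus the GRANITE-61551 hotfix, or Cloud Service release 2025.9) and runs it over a constructed product-info line of the form AEM prints at /system/console/status-productinfo.txt. The hotfix package-name marker and the sample package list are assumptions; confirm the real hotfix package name in CRX Package Manager on your instance before trusting the "not affected" verdict.

```python
import re

# Affected range taken from the advisory text above.
LAST_AFFECTED_ONPREM = (6, 5, 23, 0)   # 6.5.23.0 and earlier are affected
FIXED_CLOUD_RELEASE = (2025, 9)        # Cloud Service 2025.9 carries the fix

# ASSUMPTION: the hotfix package name contains the GRANITE ticket number.
# Verify the actual package name in CRX Package Manager before relying on this.
HOTFIX_MARKER = "61551"

# Matches the version line AEM prints in its product-info status page,
# e.g. "Adobe Experience Manager (6.5.23.0)".
_VERSION_RE = re.compile(r"Adobe Experience Manager \((\d+(?:\.\d+)*)\)")


def parse_version(text):
    """Return the numeric version tuple from a product-info text, or None."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def _pad(version, length):
    """Right-pad a version tuple with zeros so tuples compare component-wise."""
    version = tuple(version)[:length]
    return version + (0,) * (length - len(version))


def is_affected(version, installed_packages=(), cloud=False):
    """Decide whether an instance is still exposed according to the advisory.

    version            -- tuple from parse_version()
    installed_packages -- package names from CRX Package Manager (assumed format)
    cloud              -- True for AEM as a Cloud Service release numbers
    """
    if cloud:
        # Cloud releases are YYYY.M[.build]; anything before 2025.9 is exposed.
        return _pad(version, 2) < FIXED_CLOUD_RELEASE

    onprem = _pad(version, 4)
    if onprem > LAST_AFFECTED_ONPREM:
        return False                      # newer than the last affected build
    if onprem == LAST_AFFECTED_ONPREM:
        # 6.5.23 is only fixed once the GRANITE-61551 hotfix is installed.
        hotfix_present = any(HOTFIX_MARKER in name for name in installed_packages)
        return not hotfix_present
    return True                           # 6.5.22 and earlier: update required


def triage(productinfo_text, installed_packages=(), cloud=False):
    """Combine parsing and the decision into one report dictionary."""
    version = parse_version(productinfo_text)
    if version is None:
        return {"version": None, "affected": None, "reason": "version not found"}
    affected = is_affected(version, installed_packages, cloud)
    return {"version": version, "affected": affected,
            "reason": "update to 6.5.23 + GRANITE-61551 hotfix" if affected else "fixed"}


if __name__ == "__main__":
    # Constructed sample of a product-info page; not captured from a real host.
    SAMPLE_PRODUCTINFO = """Adobe Experience Manager (6.5.23.0)
Apache Felix OSGi framework
"""
    # Constructed package list; the hotfix name is an assumption.
    SAMPLE_PACKAGES = ["cq-6.5.23-hotfix-61551-1.0.zip", "we.retail.all-4.0.0.zip"]

    print(triage(SAMPLE_PRODUCTINFO))                  # affected: hotfix missing
    print(triage(SAMPLE_PRODUCTINFO, SAMPLE_PACKAGES))  # fixed: hotfix present
```

The check deliberately treats 6.5.22 and earlier as affected even if a package with the marker is present, because the advisory's fixed configuration is 6.5.23 plus the hotfix, not the hotfix alone.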

Added: Sep 9, 2025, 6:25 PM
Updated: Sep 9, 2025, 6:25 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 5.0
exploitability: 5.4
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined to calculate the overall risk score. Scores are on a 0 to 10 scale per category.