Adobe Experience Manager XML Injection Vulnerability Leading to Security Feature Bypass

Vulnerability

An XML injection vulnerability has been identified in Adobe Experience Manager (AEM) versions 6.5.23.0 and earlier. The flaw allows a low-privileged attacker to manipulate XML queries, which could lead to unauthorized write access and a bypass of security features.

Impact

Successful exploitation could result in a security feature bypass, allowing unauthorized manipulation of XML queries and limited write access.

Remediation

Users are advised to update to Adobe Experience Manager 6.5.23 (Granite-61551 Hotfix) or AEM Cloud Service Release 2025.9. For assistance with AEM versions 6.4, 6.3, and 6.2, please contact Adobe customer care.

Added: Sep 9, 2025, 6:22 PM
Updated: Sep 9, 2025, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread          3.4
impact          1.3
exploitability  5.4
remediation     7.7
relevance       0.5
threat          0.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.