CVE-2025-54246

Published: Sep 9, 2025Modified: Sep 12, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: psirt@adobe.com (Secondary)

Description

Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access.

Affected (4)

Products: Adobe: Experience Manager

Adobe

1 product

Experience Manager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Adobe Experience Manager	Up to 6.5.23.0
Adobe Experience Manager	Up to 2025.8.0
Adobe Experience Manager	Version 6.5
Adobe Experience Manager	Version 6.5 sp1

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://helpx.adobe.com/security/products/experience-manager/apsb25-90.html

Source: psirt@adobe.com

Vendor Advisory

Timeline

No history available yet.