CVE-2025-49533
CRITICAL EXPLOITED NUCLEI
Adobe Experience Manager < 6.5.23.0 - Deserialization of Untrusted Data
Title source: llm
Exploitation Summary
CVE-2025-49533 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged.
Nuclei Templates (1)
Adobe Experience Manager Forms - Insecure Deserialization
CRITICAL VERIFIED by ritikchaddha, DhiyaneshDK, s4e-io
References (1)
Core References
Vendor Advisory
https://helpx.adobe.com/security/products/aem-forms/apsb25-67.html
Scores
CVSS v3: 9.8
EPSS: 0.7641
EPSS Percentile: 99.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
VulnCheck KEV: 2025-07-30
CWE: CWE-502
Status: published
Products (1)
adobe/experience_manager < 6.5.23.0
Published: Jul 08, 2025
Tracked Since: Feb 18, 2026