CISA has issued a warning about active exploitation of a critical vulnerability in Adobe Experience Manager (AEM) that allows attackers to execute code remotely on unpatched systems.
Tracked as CVE-2025-54253, the flaw results from a misconfiguration weakness affecting AEM Forms on JEE versions 6.5.23 and earlier. This maximum-severity vulnerability enables unauthenticated attackers to bypass security protections and execute arbitrary code in low-complexity attacks that require no user interaction.
The issue was discovered by Adam Kues and Shubham Shah of Searchlight Cyber, who reported it to Adobe on April 28th, along with two related vulnerabilities, CVE-2025-54254 and CVE-2025-49533. Adobe initially patched only one of them in April, leaving the other two unaddressed for over 90 days. The company finally released fixes on August 9th, shortly after the researchers published a detailed write-up explaining the vulnerabilities and their exploitation methods.
According to Searchlight Cyber, CVE-2025-54253 is an authentication bypass that leads to remote code execution (RCE) through Struts DevMode. The researchers advised administrators who cannot patch immediately to restrict Internet access to AEM Forms if it is deployed as a standalone application.
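As an added example (not code from the article, from Adobe, or from Searchlight Cyber), the Python helper below performs the two checks an administrator would want before deciding whether an AEM Forms on JEE instance needs the patch or the interim network restriction: it flags a reported version at or below 6.5.23, the ceiling the article gives for CVE-2025-54253, and it scans Struts configuration text for DevMode being switched on, since the article attributes the RCE path to Struts DevMode. The `struts.devMode` property key and the `<constant>` element are standard Struts 2 configuration; the assumption that the effective setting can be read from `struts.properties` or `struts.xml` text, and the sample snippets, are constructed for this example.

```python
"""Added example, not from the article or the vendor: audit helpers for
AEM Forms on JEE deployments against CVE-2025-54253 as described above.

Assumptions (not stated in the article): the deployment's Struts settings
are available as struts.properties or struts.xml text, and an explicit
`struts.devMode=true` is what "DevMode enabled" means for the audit.
"""
import re
from typing import List, Optional, Tuple

# The article gives 6.5.23 as the last affected AEM Forms on JEE version.
LAST_AFFECTED = (6, 5, 23)

# struts.properties line, e.g. "struts.devMode = true"
PROPS_RE = re.compile(r"^\s*struts\.devMode\s*=\s*(\S+)", re.MULTILINE | re.IGNORECASE)
# struts.xml <constant .../> element; attributes are parsed separately so order does not matter
CONSTANT_TAG_RE = re.compile(r"<constant\b([^>]*)/?>", re.IGNORECASE)
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '6.5.23' or '6.5.23.0' into (major, minor, patch); missing parts become 0."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) if p is not None else 0 for p in m.groups())
    return (major, minor, patch)


def is_affected_version(version: str) -> bool:
    """True when the reported version is 6.5.23 or earlier."""
    return parse_version(version) <= LAST_AFFECTED


def devmode_enabled(config_text: str) -> Optional[bool]:
    """Return True if any definition enables struts.devMode, False if it is
    explicitly set but never enabled, None if the key is absent altogether.
    Accepts struts.properties lines and struts.xml <constant> elements."""
    values = [m.group(1) for m in PROPS_RE.finditer(config_text)]
    for tag in CONSTANT_TAG_RE.finditer(config_text):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag.group(1))}
        if attrs.get("name", "").lower() == "struts.devmode":
            values.append(attrs.get("value", ""))
    if not values:
        return None
    # Conservative for an audit: one enabling definition anywhere is a finding.
    return any(v.strip().lower() == "true" for v in values)


def audit(version: str, config_text: str) -> List[str]:
    """Combine both checks into a list of human-readable findings (empty = clean)."""
    findings = []
    if is_affected_version(version):
        findings.append(
            f"AEM Forms on JEE {version} is within the affected range "
            "(6.5.23 and earlier): apply the vendor patch"
        )
    dev = devmode_enabled(config_text)
    if dev is True:
        findings.append("Struts DevMode is enabled in the supplied configuration")
    elif dev is None:
        findings.append(
            "struts.devMode is not set explicitly in the supplied configuration; "
            "confirm the effective value on the server"
        )
    return findings


# Constructed sample inputs (not real deployment files).
SAMPLE_PROPERTIES = """# constructed sample struts.properties
struts.devMode = true
struts.action.extension = action
"""

SAMPLE_XML = """<!-- constructed sample struts.xml fragment -->
<struts>
  <constant name="struts.devMode" value="false"/>
</struts>
"""

if __name__ == "__main__":
    for ver, cfg in (("6.5.23", SAMPLE_PROPERTIES), ("6.5.24", SAMPLE_XML)):
        print(f"version {ver}:", audit(ver, cfg) or ["no findings"])
```

Run it directly to see the two constructed cases: a 6.5.23 instance with DevMode on yields two findings, while a 6.5.24 instance with DevMode explicitly off yields none. The version check only tells you whether the patch is outstanding; the DevMode check is an indicator drawn from the article's description of the RCE path, not a substitute for the vendor's own mitigations.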
CISA has now added CVE-2025-54253 to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to secure their systems by November 5th under Binding Operational Directive (BOD) 22-01, issued in November 2021.
Although this directive applies specifically to US federal agencies, CISA urged all organizations, including those in the private sector, to apply the necessary updates or mitigations immediately.
“Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable,” CISA warned. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”