Particle.news

Adobe Pushes Emergency Patches for Two Critical AEM Forms Zero-Days

The hotfixes close misconfiguration loopholes alongside an XXE flaw to stop attackers from executing code or reading files on vulnerable servers.

Overview

  • Adobe released emergency out-of-band updates for CVE-2025-54253 and CVE-2025-54254 addressing zero-days in AEM Forms on JEE.
  • The misconfiguration tracked as CVE-2025-54253 allows unauthenticated remote code execution; the XXE flaw tracked as CVE-2025-54254 enables arbitrary file reads.
  • The fix follows the public release of proof-of-concept exploit code by Searchlight Cyber researchers on July 29.
  • Adobe reports no known in-the-wild exploitation but warns that the PoC availability raises urgency for patching.
  • Customers are urged to install the updates immediately or restrict external access to standalone AEM Forms deployments.