{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T05:23:43.152","vulnerabilities":[{"cve":{"id":"CVE-2025-54254","sourceIdentifier":"psirt@adobe.com","published":"2025-08-05T17:15:29.460","lastModified":"2025-10-02T19:17:17.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope is changed. Exploitation of this issue does not require user interaction."},{"lang":"es","value":"Las versiones 6.5.23 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de restricción incorrecta de referencias a entidades externas XML ('XXE'), que podría provocar lecturas arbitrarias del sistema de archivos. Un atacante podría aprovechar esta vulnerabilidad para acceder a archivos confidenciales del sistema de archivos local. Para aprovechar este problema, no se requiere la intervención del usuario."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:experience_manager_forms:*:*:*:*:*:*:*:*","versionEndIncluding":"6.5.23.0","matchCriteriaId":"1449BBE4-7484-4972-8D04-BEC04C159F44"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}}]}