CVE Details
Basic Information
| Title | Adobe Experience Manager | Improper Restriction of XML External Entity Reference (‘XXE’) (CWE-611) |
|---|---|
| Type | cve |
| Published | 2025-08-05T16:53:39.954Z |
| Modified | 2025-08-05T17:19:21.608Z |
Product Information
| Vendor | Adobe |
|---|---|
| Product | Adobe Experience Manager |
| Version | 0 |
CVSS Information
| Base Score | 8.6 (HIGH) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
AI Analysis
| AI Description | Adobe Experience Manager versions 6.5.23 and earlier have an XXE vulnerability allowing attackers to read arbitrary files without user interaction. This could expose sensitive data on the server. |
|---|---|
| AI Severity | High |
| AI Vendor | Adobe |
| AI Product | Adobe Experience Manager |
| AI Version | 6.5.23 and earlier |
Affected Products
- Adobe Adobe Experience Manager 0
Additional Information
| CWE List | CWE-611 |
|---|---|
| Source | adobe |
Description
Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.