Deserialization Vulnerability in Adobe Experience Manager by Adobe
CVE-2025-49533

9.8CRITICAL

Key Information:

Vendor: Adobe
Status: Adobe Experience Manager (ms)
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-49533?

Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are exposed to a deserialization of untrusted data vulnerability. This security flaw may enable attackers to execute arbitrary code without requiring user interaction. Proper security measures are essential to mitigate the risks associated with this vulnerability, as it can potentially compromise the integrity and functionality of the affected systems.

Affected Version(s)

Adobe Experience Manager (MS) 0 <= 6.5.23.0

References

https://helpx.adobe.com/security/products/aem-forms/apsb2...

vendor-advisory

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jun 6, 2025