CVE-2025-54251: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability (CVE-2025-54251) that was disclosed on September 9, 2025. The vulnerability could result in a security feature bypass, allowing low-privileged attackers to manipulate XML queries (AttackerKB).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The scoring indicates that the vulnerability is network-accessible, requires low attack complexity, needs low-level privileges, requires no user interaction, has unchanged scope, and can impact system integrity at a low level with no impact on confidentiality or availability (AttackerKB).

If exploited, this XML Injection vulnerability could allow an attacker to bypass security features and gain limited unauthorized write access to the system. The impact is primarily focused on system integrity, with no direct effect on confidentiality or availability (CIS Advisory).

Adobe has released security updates to address this vulnerability. Organizations are advised to update their Adobe Experience Manager installations to versions newer than 6.5.23.0. The update should be applied after appropriate testing in the environment (Adobe Security).