ID del boletín
Última actualización el
16/12/2025
Actualizaciones de seguridad disponibles para Adobe Experience Manager | APSB25-115
|
|
Fecha de publicación |
Prioridad |
|---|---|---|
|
APSB25-115 |
9 de diciembre de 2025 |
3 |
Resumen
Adobe ha publicado actualizaciones para Adobe Experience Manager (AEM). Estas actualizaciones resuelven vulnerabilidades clasificadas como crítica e importante. La explotación exitosa de estas vulnerabilidades podría resultar en la ejecución de código arbitrario, lectura arbitraria del sistema de archivos y escalación de privilegios.
Adobe no tiene constancia de que existan exploits en circulación para los problemas que se tratan en estas actualizaciones.
Versión afectada del producto
| Producto | Versión | Plataforma |
|---|---|---|
| Adobe Experience Manager (AEM) |
AEM Cloud Service (CS) |
Todas |
6.5 LTS 6.5.23 y versiones anteriores |
Todas |
Solución
Adobe categoriza estas actualizaciones de acuerdo con los siguientes niveles de prioridad y recomienda que los usuarios actualicen los programas a las versiones más recientes:
Producto |
Versión |
Plataforma |
Prioridad |
Disponibilidad |
|---|---|---|---|---|
| Adobe Experience Manager (AEM) |
Versión 2025.12 del servicio en la nube AEM | Todas | 3 | Notas de la versión |
| Adobe Experience Manager (AEM) | 6.5 LTS SP1 (GRANITE-61551 Hotfix) | Todas | 3 | Notas de la versión |
| Adobe Experience Manager (AEM) | 6.5.24 | Todas | 3 | Notas de la versión |
Nota:
Los clientes que ejecuten en Cloud Service de Adobe Experience Manager recibirán actualizaciones automáticamente con nuevas funciones, así como correcciones de errores de seguridad y funcionalidad.
Nota:
Experience Manager Security Considerations:
AEM as a Cloud Service Security Considerations
Anonymous Permission Hardening Package
Nota:
Póngase en contacto con el servicio de atención al cliente de Adobe para obtener ayuda relacionada con AEM 6.4, 6.3 y 6.2.
Detalles sobre la vulnerabilidad
| Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVSS vector |
CVE Number |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Critical | 9.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N | CVE-2025-64537 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Critical | 9.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N | CVE-2025-64539 |
| Dependency on Vulnerable Third-Party Component (CWE-1395) | Arbitrary file system read | Critical | 8.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N | CVE-2025-64540 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64541 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64542 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64543 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64544 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64545 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64546 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64547 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64548 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64549 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64550 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64551 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64552 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64553 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64554 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64555 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64556 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64557 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64558 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64559 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64560 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Priviledge escalation | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64562 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64563 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64564 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Priviledge escalation | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64565 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64569 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64572 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64574 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64575 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64576 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64577 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64578 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64579 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64580 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Priviledge escalation | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64581 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64582 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64583 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64585 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64586 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64590 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64591 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64592 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64593 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64594 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64596 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64597 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64598 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64599 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64600 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64601 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64602 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64603 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64604 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64605 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64606 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64607 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64609 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64610 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64611 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64612 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64614 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64615 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64616 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64619 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64620 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64622 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64623 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64626 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64627 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64789 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64790 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64791 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64792 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64793 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64794 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64796 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64797 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64799 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64800 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64801 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64802 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64803 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64804 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64808 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64814 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64817 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64820 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64821 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64822 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
CVE-2025-64823 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64825 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64826 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64827 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64829 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64833 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64839 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64840 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64841 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64845 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64847 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64850 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64852 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64853 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64857 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64858 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64860 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64861 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64863 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64869 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64872 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64873 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64875 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64881 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64887 |
| Cross-site Scripting (DOM-based XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2025-64888 |
Nota:
If a customer is using Apache httpd in a proxy with a non-default configuration, they may be impacted by CVE-2023-25690 - please read more here: https://httpd.apache.org/security/vulnerabilities_24.html
Acknowledgments
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
- green-jam: CVE-2025-64541, CVE-2025-64542, CVE-2025-64543, CVE-2025-64544, CVE-2025-64545, CVE-2025-64554, CVE-2025-64555, CVE-2025-64556, CVE-2025-64557, CVE-2025-64558, CVE-2025-64560, CVE-2025-64562, CVE-2025-64563, CVE-2025-64564, CVE-2025-64565, CVE-2025-64569, CVE-2025-64572, CVE-2025-64574, CVE-2025-64575, CVE-2025-64576, CVE-2025-64577, CVE-2025-64578, CVE-2025-64579, CVE-2025-64580, CVE-2025-64581, CVE-2025-64582, CVE-2025-64583, CVE-2025-64585, CVE-2025-64586, CVE-2025-64590, CVE-2025-64591, CVE-2025-64592, CVE-2025-64593, CVE-2025-64594, CVE-2025-64596, CVE-2025-64597, CVE-2025-64598, CVE-2025-64599, CVE-2025-64600, CVE-2025-64601, CVE-2025-64602, CVE-2025-64603, CVE-2025-64604, CVE-2025-64605, CVE-2025-64606, CVE-2025-64607, CVE-2025-64609, CVE-2025-64610, CVE-2025-64611, CVE-2025-64612, CVE-2025-64614, CVE-2025-64615, CVE-2025-64616, CVE-2025-64619, CVE-2025-64620, CVE-2025-64622, CVE-2025-64623, CVE-2025-64626, CVE-2025-64627, CVE-2025-64789, CVE-2025-64790, CVE-2025-64791, CVE-2025-64792, CVE-2025-64793, CVE-2025-64794, CVE-2025-64796, CVE-2025-64797, CVE-2025-64799, CVE-2025-64800, CVE-2025-64801, CVE-2025-64802, CVE-2025-64803, CVE-2025-64804, CVE-2025-64808, CVE-2025-64814, CVE-2025-64817, CVE-2025-64820, CVE-2025-64821, CVE-2025-64822, CVE-2025-64823, CVE-2025-64825, CVE-2025-64826, CVE-2025-64827, CVE-2025-64829, CVE-2025-64833, CVE-2025-64839, CVE-2025-64840, CVE-2025-64841, CVE-2025-64845, CVE-2025-64847, CVE-2025-64850, CVE-2025-64852, CVE-2025-64853, CVE-2025-64857, CVE-2025-64858, CVE-2025-64860, CVE-2025-64861, CVE-2025-64863, CVE-2025-64869, CVE-2025-64875, CVE-2025-64887, CVE-2025-64888
- lpi: CVE-2025-64546, CVE-2025-64547, CVE-2025-64548, CVE-2025-64549, CVE-2025-64550, CVE-2025-64551, CVE-2025-64552, CVE-2025-64553
- anonymous_blackzero: CVE-2025-64559, CVE-2025-64872, CVE-2025-64873, CVE-2025-64874, CVE-2025-64881
- mrhavit: CVE-2025-64539
- gammarex: CVE-2025-64540
- archyxsec: CVE-2025-64537
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe
Revisions
September 30, 2025 -- Updated CVSS Vector string from CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N for CVE-2025-54251
Para obtener más información, visite https://helpx.adobe.com/es/security.html o envíe un correo electrónico a la dirección PSIRT@adobe.com.
