Adobe 安全性公告

搜尋

Adobe Experience Manager 的安全性更新 | APSB25-115

安全性公告 ID

發布日期

優先順序

APSB25-115

2025 年 12 月 9 日

3

摘要

Adobe 已發佈 Adobe Experience Manager (AEM) 的更新。 這些更新旨在解決多項重大重要弱點。 成功利用這些漏洞可能導致系統任意執行程式碼、檔案系統任意讀取及略過安全功能等問題。

Adobe 目前尚未發現這些更新程式解決的漏洞遭人利用之情事。

受影響的產品版本

產品 版本 平台
Adobe Experience Manager (AEM)
 AEM Cloud Service (CS)
 全部

6.5 LTS

6.5.23 及舊版 

 全部

解決方法

Adobe 依照下列優先順序分級將這些更新分類,並建議使用者將其安裝更新至最新版本:

產品

版本

平台

優先順序

可用性
Adobe Experience Manager (AEM) 
 AEM Cloud Service 版本 2025.12 全部 3 發行說明
Adobe Experience Manager (AEM)  6.5 LTS SP1(GRANITE-61551 修補程式) 全部  3 發行說明
Adobe Experience Manager (AEM) 6.5.24 全部  3 發行說明
註解:

若客戶執行的是 Adobe Experience Manager 的 Cloud Service,系統會自動接收更新,包括新功能以及安全性與功能錯誤修正。  

註解:

Experience Manager Security Considerations:

AEM as a Cloud Service Security Considerations
Anonymous Permission Hardening Package

註解:

若需尋求 AEM 6.4、6.3 和 6.2 等版本的相關協助,請洽詢 Adobe 客戶服務

漏洞詳細資料

Vulnerability Category
 Vulnerability Impact
 Severity
 CVSS base score
 CVSS vector
 CVE Number
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Critical 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2025-64537
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Critical 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2025-64539
Dependency on Vulnerable Third-Party Component (CWE-1395) Arbitrary file system read Critical 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N CVE-2025-64540
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64541
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64542
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64543
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64544
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64545
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64546
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64547
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64548
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64549
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64550
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64551
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64552
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64553
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64554
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64555
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64556
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64557
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64558
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64559
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64560
Cross-site Scripting (DOM-based XSS) (CWE-79) Priviledge escalation Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64562
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64563
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64564
Cross-site Scripting (DOM-based XSS) (CWE-79) Priviledge escalation Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64565
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64569
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64572
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64574
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64575
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64576
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64577
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64578
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64579
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64580
Cross-site Scripting (Stored XSS) (CWE-79) Priviledge escalation Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64581
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64582
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64583
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64585
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64586
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64590
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64591
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64592
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64593
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64594
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64596
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64597
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64598
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64599
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64600
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64601
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64602
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64603
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64604
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64605
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64606
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64607
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64609
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64610
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64611
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64612
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64614
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64615
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64616
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64619
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64620
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64622
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64623
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64626
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64627
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64789
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64790
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64791
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64792
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64793
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64794
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64796
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64797
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64799
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64800
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64801
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64802
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64803
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64804
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64808
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64814
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64817
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64820
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64821
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64822
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N		 CVE-2025-64823
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64825
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64826
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64827
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64829
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64833
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64839
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64840
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64841
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64845
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64847
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64850
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64852
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64853
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64857
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64858
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64860
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64861
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64863
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64869
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64872
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64873
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64875
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64881
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64887
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64888
註解:

If a customer is using Apache httpd in a proxy with a non-default configuration, they may be impacted by CVE-2023-25690 - please read more here: https://httpd.apache.org/security/vulnerabilities_24.html

Acknowledgments

Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers: 

  • green-jam: CVE-2025-64541, CVE-2025-64542, CVE-2025-64543, CVE-2025-64544, CVE-2025-64545, CVE-2025-64554, CVE-2025-64555, CVE-2025-64556, CVE-2025-64557, CVE-2025-64558, CVE-2025-64560, CVE-2025-64562, CVE-2025-64563, CVE-2025-64564, CVE-2025-64565, CVE-2025-64569, CVE-2025-64572, CVE-2025-64574, CVE-2025-64575, CVE-2025-64576, CVE-2025-64577, CVE-2025-64578, CVE-2025-64579, CVE-2025-64580, CVE-2025-64581, CVE-2025-64582, CVE-2025-64583, CVE-2025-64585, CVE-2025-64586, CVE-2025-64590, CVE-2025-64591, CVE-2025-64592, CVE-2025-64593, CVE-2025-64594, CVE-2025-64596, CVE-2025-64597, CVE-2025-64598, CVE-2025-64599, CVE-2025-64600, CVE-2025-64601, CVE-2025-64602, CVE-2025-64603, CVE-2025-64604, CVE-2025-64605, CVE-2025-64606, CVE-2025-64607, CVE-2025-64609, CVE-2025-64610, CVE-2025-64611, CVE-2025-64612, CVE-2025-64614, CVE-2025-64615, CVE-2025-64616, CVE-2025-64619, CVE-2025-64620, CVE-2025-64622, CVE-2025-64623, CVE-2025-64626, CVE-2025-64627, CVE-2025-64789, CVE-2025-64790, CVE-2025-64791, CVE-2025-64792, CVE-2025-64793, CVE-2025-64794, CVE-2025-64796, CVE-2025-64797, CVE-2025-64799, CVE-2025-64800, CVE-2025-64801, CVE-2025-64802, CVE-2025-64803, CVE-2025-64804, CVE-2025-64808, CVE-2025-64814, CVE-2025-64817, CVE-2025-64820, CVE-2025-64821, CVE-2025-64822, CVE-2025-64823, CVE-2025-64825, CVE-2025-64826, CVE-2025-64827, CVE-2025-64829, CVE-2025-64833, CVE-2025-64839, CVE-2025-64840, CVE-2025-64841, CVE-2025-64845, CVE-2025-64847, CVE-2025-64850, CVE-2025-64852, CVE-2025-64853, CVE-2025-64857, CVE-2025-64858, CVE-2025-64860, CVE-2025-64861, CVE-2025-64863, CVE-2025-64869, CVE-2025-64875, CVE-2025-64887, CVE-2025-64888
  • lpi: CVE-2025-64546, CVE-2025-64547, CVE-2025-64548, CVE-2025-64549, CVE-2025-64550, CVE-2025-64551, CVE-2025-64552, CVE-2025-64553
  • anonymous_blackzero: CVE-2025-64559, CVE-2025-64872, CVE-2025-64873, CVE-2025-64874, CVE-2025-64881
  • mrhavit: CVE-2025-64539
  • gammarex: CVE-2025-64540
  • archyxsec: CVE-2025-64537

NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe

 

 

Revisions

September 30, 2025 -- Updated CVSS Vector string from CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N for CVE-2025-54251

如需詳細資訊,請造訪 https://helpx.adobe.com/tw/security.html,或傳送電子郵件至 PSIRT@adobe.com。

Adobe, Inc.

更快、更輕鬆地獲得協助

新的使用者?

快速連結

檢視您的所有計劃 管理您的計劃
檢視快速連結
隱藏快速連結