Adobe セキュリティ速報

検索

Adobe Experience Manager に関するセキュリティアップデート公開 | APSB25-115

情報 ID

公開日

優先度

APSB25-115

20025年12月9日

3

要約

Adobe Experience Manager (AEM)を対象としたアップデートが公開されました。 これらのアップデートは、クリティカルおよび重要に分類される脆弱性を解決します。 これらの脆弱性が悪用されると、任意のコード実行、任意のファイルシステム読み取り、権限のエスカレーションが発生する恐れがあります。

本アップデートによって修正される脆弱性が、広く悪用されているという事例は確認されていません。

対象の製品バージョン

製品名 バージョン プラットフォーム
Adobe Experience Manager(AEM)
 AEM Cloud Service(CS)
 すべて

6.5 LTS

6.5.23 とそれ以前のバージョン 

 すべて

解決策

アドビは、これらのアップデートを次の優先度評価に分類しており、対象製品をご利用のお客様に最新バージョンへのアップグレードを推奨します。

プロダクト

バージョン

Platform

優先度

利用可能状況
Adobe Experience Manager(AEM)
 AEM Cloud Service リリース 2025.12 すべて 3 リリースノート
Adobe Experience Manager(AEM))  6.5 LTS SP1(GRANITE-61551 ホットフィックス) すべて  3 リリースノート
Adobe Experience Manager(AEM) 6.5.24 すべて  3 リリースノート
注意:

Adobe Experience Manager の Cloud Service をご利用のお客様には、新機能のほか、セキュリティや機能性のバグ修正を含むアップデートが自動的に配信されます。  

注意:

Experience Manager Security Considerations:

AEM as a Cloud Service Security Considerations
Anonymous Permission Hardening Package

注意:

AEM バージョン 6.4、6.3 および 6.2 のサポートについては、アドビカスタマケアにお問い合わせください。

脆弱性に関する詳細

Vulnerability Category
 Vulnerability Impact
 Severity
 CVSS base score
 CVSS vector
 CVE Number
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Critical 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2025-64537
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Critical 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2025-64539
Dependency on Vulnerable Third-Party Component (CWE-1395) Arbitrary file system read Critical 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N CVE-2025-64540
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64541
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64542
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64543
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64544
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64545
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64546
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64547
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64548
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64549
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64550
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64551
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64552
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64553
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64554
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64555
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64556
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64557
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64558
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64559
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64560
Cross-site Scripting (DOM-based XSS) (CWE-79) Priviledge escalation Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64562
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64563
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64564
Cross-site Scripting (DOM-based XSS) (CWE-79) Priviledge escalation Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64565
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64569
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64572
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64574
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64575
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64576
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64577
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64578
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64579
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64580
Cross-site Scripting (Stored XSS) (CWE-79) Priviledge escalation Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64581
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64582
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64583
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64585
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64586
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64590
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64591
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64592
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64593
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64594
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64596
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64597
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64598
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64599
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64600
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64601
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64602
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64603
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64604
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64605
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64606
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64607
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64609
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64610
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64611
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64612
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64614
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64615
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64616
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64619
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64620
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64622
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64623
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64626
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64627
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64789
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64790
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64791
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64792
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64793
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64794
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64796
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64797
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64799
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64800
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64801
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64802
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64803
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64804
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64808
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64814
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64817
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64820
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64821
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64822
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N		 CVE-2025-64823
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64825
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64826
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64827
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64829
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64833
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64839
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64840
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64841
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64845
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64847
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64850
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64852
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64853
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64857
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64858
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64860
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64861
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64863
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64869
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64872
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64873
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64875
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64881
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64887
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2025-64888
注意:

If a customer is using Apache httpd in a proxy with a non-default configuration, they may be impacted by CVE-2023-25690 - please read more here: https://httpd.apache.org/security/vulnerabilities_24.html

Acknowledgments

Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers: 

  • green-jam: CVE-2025-64541, CVE-2025-64542, CVE-2025-64543, CVE-2025-64544, CVE-2025-64545, CVE-2025-64554, CVE-2025-64555, CVE-2025-64556, CVE-2025-64557, CVE-2025-64558, CVE-2025-64560, CVE-2025-64562, CVE-2025-64563, CVE-2025-64564, CVE-2025-64565, CVE-2025-64569, CVE-2025-64572, CVE-2025-64574, CVE-2025-64575, CVE-2025-64576, CVE-2025-64577, CVE-2025-64578, CVE-2025-64579, CVE-2025-64580, CVE-2025-64581, CVE-2025-64582, CVE-2025-64583, CVE-2025-64585, CVE-2025-64586, CVE-2025-64590, CVE-2025-64591, CVE-2025-64592, CVE-2025-64593, CVE-2025-64594, CVE-2025-64596, CVE-2025-64597, CVE-2025-64598, CVE-2025-64599, CVE-2025-64600, CVE-2025-64601, CVE-2025-64602, CVE-2025-64603, CVE-2025-64604, CVE-2025-64605, CVE-2025-64606, CVE-2025-64607, CVE-2025-64609, CVE-2025-64610, CVE-2025-64611, CVE-2025-64612, CVE-2025-64614, CVE-2025-64615, CVE-2025-64616, CVE-2025-64619, CVE-2025-64620, CVE-2025-64622, CVE-2025-64623, CVE-2025-64626, CVE-2025-64627, CVE-2025-64789, CVE-2025-64790, CVE-2025-64791, CVE-2025-64792, CVE-2025-64793, CVE-2025-64794, CVE-2025-64796, CVE-2025-64797, CVE-2025-64799, CVE-2025-64800, CVE-2025-64801, CVE-2025-64802, CVE-2025-64803, CVE-2025-64804, CVE-2025-64808, CVE-2025-64814, CVE-2025-64817, CVE-2025-64820, CVE-2025-64821, CVE-2025-64822, CVE-2025-64823, CVE-2025-64825, CVE-2025-64826, CVE-2025-64827, CVE-2025-64829, CVE-2025-64833, CVE-2025-64839, CVE-2025-64840, CVE-2025-64841, CVE-2025-64845, CVE-2025-64847, CVE-2025-64850, CVE-2025-64852, CVE-2025-64853, CVE-2025-64857, CVE-2025-64858, CVE-2025-64860, CVE-2025-64861, CVE-2025-64863, CVE-2025-64869, CVE-2025-64875, CVE-2025-64887, CVE-2025-64888
  • lpi: CVE-2025-64546, CVE-2025-64547, CVE-2025-64548, CVE-2025-64549, CVE-2025-64550, CVE-2025-64551, CVE-2025-64552, CVE-2025-64553
  • anonymous_blackzero: CVE-2025-64559, CVE-2025-64872, CVE-2025-64873, CVE-2025-64874, CVE-2025-64881
  • mrhavit: CVE-2025-64539
  • gammarex: CVE-2025-64540
  • archyxsec: CVE-2025-64537

NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe

 

 

Revisions

September 30, 2025 -- Updated CVSS Vector string from CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N for CVE-2025-54251

詳しくは、https://helpx.adobe.com/jp/security.htmlを参照するか、PSIRT@adobe.com 宛てに電子メールでお問い合わせください。

Adobe, Inc.

ヘルプをすばやく簡単に入手

新規ユーザーの場合

クイックリンク

すべてのプランを表示 プランを管理
クイックリンクを表示する
クイックリンクを非表示にする

アドビサポートコミュニティ

使い方についての質問やCreator同士の情報交換ができます。気軽に質問してみましょう。

質問する

サポート

問題解決のためのエキスパートのサポート。

利用する
^ ページの先頭へ