CVE-2025-46840

Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*
cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*

History

13 Jun 2025, 13:04

Type Values Removed Values Added
CPE cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*
cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*
First Time Adobe experience Manager
Adobe
References () https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html - () https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html - Vendor Advisory

12 Jun 2025, 16:06

Type Values Removed Values Added
Summary
  • (es) Las versiones 6.5.22 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de autorización incorrecta que podría provocar una escalada de privilegios. Un atacante con pocos privilegios podría aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. Para explotar este problema se requiere la interacción del usuario. Un atacante con éxito puede abusar de esta vulnerabilidad para tomar el control de la sesión, lo que aumenta el impacto en la confidencialidad y la integridad.

10 Jun 2025, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-10 23:15

Updated : 2025-06-13 13:04


NVD link : CVE-2025-46840

Mitre link : CVE-2025-46840

CVE.ORG link : CVE-2025-46840


JSON object : View

Products Affected

adobe

  • experience_manager
CWE
CWE-285

Improper Authorization