CVE-2025-46840

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-46840
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

8.7 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*
cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*
History

13 Jun 2025, 13:04

Type Values Removed Values Added
First Time Adobe experience Manager
Adobe
References () https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html - () https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html - Vendor Advisory
CPE cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*
cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*

12 Jun 2025, 16:06

Type Values Removed Values Added
Summary
  • (es) Las versiones 6.5.22 y anteriores de Adobe Experience Manager se ven afectadas por una vulnerabilidad de autorización incorrecta que podría provocar una escalada de privilegios. Un atacante con pocos privilegios podría aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado. Para explotar este problema se requiere la interacción del usuario. Un atacante con éxito puede abusar de esta vulnerabilidad para tomar el control de la sesión, lo que aumenta el impacto en la confidencialidad y la integridad.

10 Jun 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-10 23:15

Updated : 2025-06-13 13:04

NVD link : CVE-2025-46840

Mitre link : CVE-2025-46840

CVE.ORG link : CVE-2025-46840

JSON object : View

Products Affected

adobe

  • experience_manager
CWE
CWE-285

Improper Authorization