Unrated severityNVD Advisory· Published Jul 8, 2025· Updated Feb 26, 2026

Adobe Experience Manager (MS) | Deserialization of Untrusted Data (CWE-502)

CVE-2025-49533

Description

Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged.

Affected products

Adobe Inc./Experience Managerllm-fuzzy
Range: <=6.5.23.0
Adobe/Adobe Experience Manager (MS)v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/aem-forms/apsb25-67.htmlmitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.061
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000