CVE-2025-64538

🚨 CRITICAL

Published

Dec 10, 2025

Last Modified

Dec 12, 2025

Views

Bookmarks

Description

Request Expert Review

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page.

Affected Products (3)

adobe - experience_manager

Version: *

adobe - experience_manager

Version: *

adobe - experience_manager

Version: 6.5

CVSS Scores

CVSS 3.1 9.3

9.3

CRITICAL

CVSS 2.0 9.3

References

helpx.adobe.com

Additional Information

Source: psirt@adobe.com
State: Analyzed

Related CVEs

CVE-2026-1139

HIGH

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The...

Score: 8.8

CVE-2026-1138

HIGH

A flaw has been found in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can...

Score: 8.8

CVE-2026-1137

HIGH

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig....

Score: 8.8

CVE-2026-1136

LOW

A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bCont...

Score: 3.5

CVE-2026-1135

MEDIUM

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. T...

Score: 4.3

CVE-2026-1134

MEDIUM

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown function of the file /admin/expenses.php. The ma...

Score: 4.3

Share CVE-2025-64538

Share on Social Media

Copy Link

Embed Code

HTML Embed (for websites/blogs)

Markdown (for GitHub/Discord)

Request Expert Analysis

Request a professional security analysis for CVE-2025-64538 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Priority Level

SLA Acceleration (50% faster delivery)

Add 3 credits for accelerated delivery

Additional Context (Optional)

Base Cost: 8 credits

Priority Upgrade: + credits

SLA Acceleration: +3 credits

Total Cost:

Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

CVE-2025-64538

Description

Affected Products (3)

adobe - experience_manager

adobe - experience_manager

adobe - experience_manager

CVSS Scores

References

Additional Information

Related CVEs

CVE-2026-1139

CVE-2026-1138

CVE-2026-1137

CVE-2026-1136

CVE-2026-1135

CVE-2026-1134

Share CVE-2025-64538

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Credits System

Insufficient Credits

Report Analysis