CVE-2025-46840
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-06-13
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | experience_manager | to 6.5.23.0 (exc) |
| adobe | experience_manager | to 2025.5.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Authorization issue in Adobe Experience Manager versions 6.5.22 and earlier. It allows a low privileged attacker to bypass security measures and escalate their privileges. Exploitation requires user interaction, and a successful attack can lead to session takeover, compromising confidentiality and integrity.
How can this vulnerability impact me? :
The vulnerability can allow an attacker with low privileges to escalate their access rights and take over user sessions. This can lead to unauthorized access to sensitive information and manipulation of data, significantly impacting the confidentiality and integrity of your system.