Bulletin ID
Last updated on
Apr 8, 2025
Security updates available for Adobe Experience Manager Forms | APSB25-27
|
|
Date Published |
Priority |
|---|---|---|
|
APSB25-27 |
April 8, 2025 |
2 |
Summary
Adobe has released security updates for AEM Forms on JEE versions for a dependency on vulnerable Third-Party Component . This dependency update resolves an important vulnerability that could lead to path traversal and case sensitive match exception.
Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
Affected Product Versions
| Product | Version | Platform |
|---|---|---|
| Adobe Experience Manager (AEM) Forms on JEE |
6.5.22.0 (AEMForms-6.5.0-0093) and earlier | All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
| Adobe Experience Manager (AEM) Forms on JEE | 6.5.22.0 (AEMForms-6.5.0-0095) | All |
2 |
Update Instructions |
Note:
Please contact Adobe customer care for assistance with AEM versions 6.4, 6.3 and 6.2.
Updates to Dependencies
| CVE | Dependency |
Vulnerability Impact |
Affected Versions |
| CVE-2024-38819 | Spring | Path Traversal | AEM 6.5.22.0 and earlier |
| CVE-2024-38820 | Spring | Case Sensitive Match Exception | AEM 6.5.22.0 and earlier |
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
