Bulletin ID
Last updated on
Apr 8, 2025
Security updates available for Adobe Experience Manager Screens | APSB25-32
|
|
Date Published |
Priority |
|---|---|---|
|
APSB25-32 |
April 8, 2025 |
3 |
Summary
Adobe has released security updates for AEM Screens. This vulnerability resolves an important vulnerability that could lead to arbitrary code execution.
Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
Affected Product Versions
| Product | Version | Platform |
|---|---|---|
| Adobe Experience Manager (AEM) Screens |
AEM 6.5 Screens FP11.3 and earlier | All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
| Adobe Experience Manager (AEM) Screens |
AEM 6.5 Screens FP11.4 | All | 3 | AEM 6.5 Feature Pack 11.4 Release Notes |
Note:
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
|---|---|---|---|---|---|
|
Cross-site Scripting (Reflected XSS) (CWE-79) |
Arbitrary code execution |
Important |
5.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
CVE-2025-27205 |
For more information, please see: https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
Acknowledgments
Acknowledgments
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
- Jim Green (green-jam) -- CVE-2025-27205
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
