CISA adds Adobe AEM CVE-2025-54253 to its KEV list after confirmed active exploitation.
  • fubarx@lemmy.worldEnglish
    0·
    17 days ago

    The flaw results from the dangerously exposed /adminui/debug servlet, which evaluates user-supplied OGNL expressions as Java code without requiring authentication or input validation."

    WTF? 😳