漏洞平台

POC详情： 5dd9c7eb08d3749ff799d331a81a8af6fb732081

来源

https://github.com/barbaraeivyu/CVE-2025-54253-e

关联漏洞

标题： Adobe Experience Manager 安全漏洞 (CVE-2025-54253)
描述：Adobe Experience Manager（AEM）是美国奥多比（Adobe）公司的一套可用于构建网站、移动应用程序和表单的内容管理解决方案。该方案支持移动内容管理、营销销售活动管理和多站点管理等。 Adobe Experience Manager（AEM）6.5.23及之前版本存在安全漏洞，该漏洞源于配置不当，可能导致任意代码执行。

介绍

   # CVE-2025-54253 - Adobe AEM Forms RCE Exploit

   ## Overview
   CVE-2025-54253 is a critical remote code execution vulnerability in Adobe Experience Manager (AEM) Forms on JEE. It stems from an authentication bypass in the `/adminui` module, combined with Apache Struts development mode enabled by default in some setups, allowing attackers to inject and execute OGNL expressions.

   ## CVE Information
   - **CVE Assigned:** CVE-2025-54253
   - **CVE Published State:** PUBLISHED
   - **CVE Link:** https://nvd.nist.gov/vuln/detail/CVE-2025-54253

   ## Description
   An authentication bypass vulnerability exists in Adobe Experience Manager (AEM) Forms on JEE due to a misconfiguration in the `/adminui` module, combined with Apache Struts development mode enabled by default in some setups. This allows attackers to inject and execute OGNL expressions, leading to remote code execution (RCE) on the underlying system without authentication.

   ## Impact
   1. Full compromise of the server, including execution of arbitrary system commands.
   2. Gaining persistent access to the system.
   3. Exfiltration of sensitive data.
   4. Using the compromised host to pivot within the network.

   ## Attack Scenario
   1. Attacker identifies a vulnerable AEM Forms instance.
   2. Exploits the authentication bypass in the `/adminui` module.
   3. Injects an OGNL expression to execute arbitrary commands.
   4. Gains control over the server and performs malicious actions.

   ## Technical Details
   - **Vulnerability Type:** Authentication Bypass, Remote Code Execution
   - **CWE Classification:** CWE-287 – Improper Authentication, CWE-917 – Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
   - **Attack Type:** Remote

   ## Affected Versions
   - Adobe Experience Manager (AEM) Forms on JEE versions 6.5.23 and earlier.

   ## Vendor Information
   - **Vendor:** Adobe
   - **Website:** https://www.adobe.com/

   ## Proof of Concept (PoC)
   1. Intercept the HTTP request to the `/adminui` module.
   2. Inject an OGNL expression to execute a command, such as listing directory contents.
   3. Example hypothetical payload (not an actual working script):
      ```
      GET /lc/libs/foundation/component/redirect?url=%25%7b%28%27ls%20-l%27%29%5b%40java.lang.Runtime%40getRuntime%28%29.exec%28%27ls%27%29%5d%7d HTTP/1.1
      ```
   4. POC at - http://bit.ly/457kRJG

   ## Disclaimer
   This repository is for **educational and authorized testing purposes only**. Do not use the information or code on systems without explicit permission. The author is not responsible for any misuse or damage.

文件快照


 [4.0K]  /data/pocs/5dd9c7eb08d3749ff799d331a81a8af6fb732081
└── [2.6K]  README.md

0 directories, 1 file

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。