Adobe Experience Manager - SSRF (CVE-2025-54249)

CVE-2025-54249 is a Server-Side Request Forgery (SSRF) vulnerability in Adobe Experience Manager versions 6.5.23.0 and earlier, which allows low-privileged attackers to manipulate server-side requests and bypass security controls. Exploiting this flaw could enable unauthorized read access to sensitive internal resources, potentially exposing confidential information to threat actors.

CrowdSec has been tracking this vulnerability and its exploits since 15th of October 2025.

CrowdSec network observations suggest that most exploitation of CVE-2025-54249 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2025-54249 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2025-54249 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit this vulnerability by sending crafted POST requests to endpoints such as /services/accesstoken/verify with a manipulated auth_url parameter, enabling SSRF attempts against internal or external resources.