Intrusion Prevention

Adobe.Experience.Manager.edcws.XXE

Description

This indicates an attack attempt to exploit an External Entity Injection Vulnerability in Adobe Experience Manager.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker could exploit this vulnerability by sending crafted data to the target server. Successful exploitation could lead to the disclosure of the contents of arbitrary files within the system, which may be used to further compromise the system.

Affected Products

Adobe Experience Manager prior to 6.5.0-0108

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2025-09-15	34.084	Modified	Default_action:pass:drop
2025-09-01	34.075	New

ID	58790
Created	Aug 26, 2025
Updated	Sep 15, 2025
CVE ID
Risk
Exploit Prediction Score	0.25%
Default Action	drop
Active
Affected OS	Windows, Linux, MacOS
Affected App	Adobe
Profile Type	Permission/Privilege/Access Control

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

Adobe.Experience.Manager.edcws.XXE

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

Adobe.Experience.Manager.edcws.XXE

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Threat Intelligence
Center