CVE-2025-54256 — Cross-Site Request Forgery in Adobe Dreamweaver

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.6HIGHNVD

EPSS

0.0%

top 97.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Dreamweaver Adobe Dreamweaver Desktop

Timeline

PublishedSep 9

Description

Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must click on a malicious link, and scope is changed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5adobe/dreamweaver_desktop21.5

▶NVDadobe/dreamweaver< 21.6

🔴Vulnerability Details

GHSA

GHSA-vjpr-5m84-xxg2: Dreamweaver Desktop versions 21↗2025-09-09

▶

CVEList

Dreamweaver Desktop | Cross-Site Request Forgery (CSRF) (CWE-352)↗2025-09-09

▶