Adobe today released a Critical Hotfix for AEM to patch a flaw (CVE-2015-7501) classified as CVSS 10.0 (highest criticality in the Common Vulnerability Scoring System). You can find information about the Hotfix by logging into your Adobe PackageShare, or by visiting https://www.adobeaemcloud.com/content/marketplace/marketplaceProxy.html?packagePath=/content/companies/public/adobe/packages/cq/hotfix/cq-ALL-hotfix-NPR-8364.
We join with Adobe in recommending that this Hotfix be applied as soon as possible to all AEM servers 5.5.0-6.1.
If you need any background on the issue, or help figuring out how to apply this to your environments, please don’t hesitate to contact us: @axis41 or info@aempodcast.com.