diff --git a/cves.json b/cves.json
index 127255c3edd..56f40df317e 100644
--- a/cves.json
+++ b/cves.json
@@ -3546,6 +3546,7 @@
 {"ID":"CVE-2025-49113","Info":{"Name":"Roundcube Webmail - Remote Code Execution","Severity":"critical","Description":"Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2025/CVE-2025-49113.yaml"}
 {"ID":"CVE-2025-49132","Info":{"Name":"Pterodactyl Panel - Remote Code Execution","Severity":"critical","Description":"Pterodactyl is a free, open-source game server management panel. Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2025/CVE-2025-49132.yaml"}
 {"ID":"CVE-2025-49493","Info":{"Name":"Akamai CloudTest \u003c 60 2025.06.02 - XML External Entity (XXE)","Severity":"critical","Description":"Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2025/CVE-2025-49493.yaml"}
+{"ID":"CVE-2025-49533","Info":{"Name":"Adobe Experience Manager Forms - Insecure Deserialization","Severity":"critical","Description":"Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-49533.yaml"}
 {"ID":"CVE-2025-49596","Info":{"Name":"MCP Inspector \u003c 0.14.0 UnauthenticatedRemote Code Execution","Severity":"critical","Description":"The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-49596.yaml"}
 {"ID":"CVE-2025-49706","Info":{"Name":"Microsoft SharePoint Server - Authentication Bypass","Severity":"medium","Description":"Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2025/CVE-2025-49706.yaml"}
 {"ID":"CVE-2025-49825","Info":{"Name":"Teleport - Authentication Bypass","Severity":"critical","Description":"Teleport versions prior to 17.5.2 are vulnerable to a remote authentication bypass vulnerability. This issue allows attackers to gain unauthorized access to affected systems.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-49825.yaml"}
@@ -3577,7 +3578,6 @@
 {"ID":"CVE-2025-54236","Info":{"Name":"Adobe Commerce - Authentication Bypass","Severity":"critical","Description":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-54236.yaml"}
 {"ID":"CVE-2025-54249","Info":{"Name":"Adobe Experience Manager ≤ 6.5.23.0 – SSRF","Severity":"medium","Description":"Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-54249.yaml"}
 {"ID":"CVE-2025-54251","Info":{"Name":"Adobe Experience Manager ≤ 6.5.23.0 - XML Injection","Severity":"medium","Description":"Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2025/CVE-2025-54251.yaml"}
-{"ID":"CVE-2025-54253","Info":{"Name":"Adobe Experience Manager Forms - Insecure Deserialization","Severity":"critical","Description":"Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-54253.yaml"}
 {"ID":"CVE-2025-54589","Info":{"Name":"Copyparty \u003c=1.18.6 - Cross-Site Scripting","Severity":"medium","Description":"Copyparty before 1.18.7 is vulnerable to reflected cross-site scripting (XSS) via the 'filter' parameter in the '/?ru' endpoint. Unsanitized user input is reflected in the HTML response, allowing attackers to execute arbitrary JavaScript in the context of the victim's browser.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2025/CVE-2025-54589.yaml"}
 {"ID":"CVE-2025-54782","Info":{"Name":"NestJS DevTools Integration - Remote Code Execution","Severity":"critical","Description":"Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox.\n","Classification":{"CVSSScore":"9.4"}},"file_path":"http/cves/2025/CVE-2025-54782.yaml"}
 {"ID":"CVE-2025-55161","Info":{"Name":"Stirling-PDF SSRF via Markdown","Severity":"high","Description":"Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2025/CVE-2025-55161.yaml"}
diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt
index ae9f8fec2ea..c9786957d50 100644
--- a/cves.json-checksum.txt
+++ b/cves.json-checksum.txt
@@ -1 +1 @@
-7459d3135cbedd68536249816b1489e6
+6eb60656fcfc4629133ceca01828c499