UPDATE: A  CQ5 vulnerability has been recently reported via PSIRT. CQ 5.5 and newer CQ and AEM releases already contain the fix. Adobe recommends users of CQ 5.4 update their installations by applying the hot fix.

Hi, Adobe takes reports of vulnerabilities in AEM very seriously. You can find more information about incident response at Adobe here. We generally advise installing all recommended hot fixes and service packs as soon as they become available.Regards,AEM Security Team