CVE-2025-46847 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability allows a low-privileged attacker to inject malicious JavaScript code into vulnerable form fields within the AEM interface. When a victim user subsequently accesses a page containing the compromised form field, the malicious script executes in their browser context. This stored XSS flaw arises from insufficient input validation and output encoding of user-supplied data in form fields, enabling persistent script injection. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity), with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network attack vector, low attack complexity, requiring low privileges and user interaction, with a scope change and limited confidentiality and integrity impact but no availability impact. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability could be leveraged to steal session tokens, perform actions on behalf of authenticated users, or deliver further malware payloads, depending on the victim's privileges and the context of the injected script. Given AEM's role as a content management system widely used by enterprises for web content delivery, exploitation could lead to significant reputational damage, data leakage, or unauthorized actions within affected web portals.

For European organizations, this vulnerability poses a moderate risk, particularly for those relying on Adobe Experience Manager for public-facing websites or internal portals. Exploitation could lead to unauthorized disclosure of sensitive information, session hijacking, or manipulation of web content, undermining user trust and potentially violating GDPR requirements concerning data protection and breach notification. Organizations in sectors such as government, finance, healthcare, and media, which commonly use AEM for content management, may face increased risk of targeted attacks exploiting this vulnerability. The scope change indicated in the CVSS vector means that the vulnerability could affect resources beyond the initially vulnerable component, potentially impacting multiple users or systems. Although exploitation requires some user interaction, the low privilege requirement lowers the barrier for attackers to inject malicious scripts. The absence of known exploits in the wild suggests a window for proactive mitigation before widespread attacks occur. However, failure to address this vulnerability promptly could expose organizations to phishing, credential theft, or defacement campaigns, which could disrupt operations and damage brand reputation.

European organizations should prioritize the following mitigation steps: 1) Conduct an immediate audit of all AEM instances to identify versions 6.5.22 or earlier and isolate affected systems. 2) Implement strict input validation and output encoding on all form fields, especially those accepting user-generated content, to prevent script injection. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS payloads. 4) Enforce multi-factor authentication (MFA) for administrative and user accounts to limit the damage from session hijacking. 5) Monitor web application logs and user activity for unusual behavior indicative of exploitation attempts. 6) Engage with Adobe support channels to obtain patches or workarounds as they become available and apply them promptly. 7) Educate users about the risks of interacting with suspicious content and encourage reporting of anomalies. 8) Consider deploying web application firewalls (WAFs) with rules tuned to detect and block XSS attack patterns targeting AEM. These targeted measures go beyond generic advice by focusing on the specific context of AEM and the nature of stored XSS attacks.