CVE-2025-46970 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient sanitization of user input in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses a page containing the compromised form field, the malicious script executes in their browser context. This is a DOM-based XSS, meaning the attack payload manipulates the Document Object Model on the client side, potentially bypassing some traditional server-side filters. The vulnerability requires low privileges to exploit but does require user interaction, as the victim must visit the affected page. The CVSS 3.1 base score is 5.4 (medium severity), reflecting network attack vector, low attack complexity, low privileges required, but user interaction needed, and a scope change indicating the vulnerability affects components beyond the initially vulnerable module. The impact includes partial confidentiality and integrity loss, as malicious scripts can steal session tokens, perform actions on behalf of the user, or manipulate page content. No known exploits are currently reported in the wild, and no patches have been linked yet. Given Adobe Experience Manager's role as a content management system widely used for enterprise web content delivery, exploitation could lead to significant reputational damage and data leakage.

For European organizations, the impact of this vulnerability can be significant, especially for those relying on Adobe Experience Manager to manage public-facing websites or intranet portals. Successful exploitation could lead to theft of user credentials, session hijacking, unauthorized actions performed in the context of legitimate users, and potential spread of malware through injected scripts. This could compromise sensitive customer or employee data, violate GDPR requirements for data protection, and lead to regulatory fines and loss of customer trust. Additionally, the vulnerability could be leveraged as an initial foothold in a broader attack campaign targeting internal networks if AEM is used in internal applications. The medium severity score suggests the threat is moderate but should not be underestimated given the criticality of web content management platforms in digital business operations.

Organizations should immediately audit their Adobe Experience Manager installations to identify affected versions (6.5.22 and earlier). Until official patches are released, implement strict input validation and output encoding on all user-supplied data in AEM forms to prevent script injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected web pages. Regularly monitor web logs and user reports for suspicious activity indicative of XSS exploitation. Limit user privileges to the minimum necessary to reduce the risk of injection by low-privileged attackers. Consider deploying Web Application Firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting AEM. Finally, stay updated with Adobe security advisories and apply official patches promptly once available.