CVE-2025-46984 is a stored DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient sanitization of user input in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim accesses a page containing the vulnerable form field, the malicious script executes in their browser context. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS 3.1 base score is 5.4 (medium severity), with an attack vector of network (remote exploitation), low attack complexity, requiring low privileges, and user interaction (victim must visit the malicious page). The scope is changed, meaning the vulnerability can affect components beyond the initially vulnerable module. The impact includes limited confidentiality and integrity loss, as the attacker can execute scripts in the victim’s browser potentially leading to session hijacking, defacement, or unauthorized actions on behalf of the user. Availability impact is not present. No known exploits are currently reported in the wild, and no official patches are linked yet. The vulnerability is significant because AEM is widely used by enterprises for content management and digital experience delivery, making it a valuable target for attackers aiming to compromise user sessions or deliver further payloads via trusted domains.

For European organizations, the impact of this vulnerability can be substantial, especially for those relying on Adobe Experience Manager for their web content management and customer-facing portals. Exploitation could lead to theft of user credentials, session tokens, or sensitive data entered by users, undermining user trust and potentially violating GDPR requirements regarding data protection and breach notification. Attackers could also manipulate content or redirect users to malicious sites, damaging brand reputation. Since AEM is often used by government, financial, and retail sectors in Europe, the risk extends to critical services and e-commerce platforms. The medium severity score suggests that while the vulnerability is not trivially exploitable without some user interaction, the consequences of a successful attack can disrupt business operations and lead to regulatory penalties. The lack of known exploits currently provides a window for mitigation, but organizations should act promptly to prevent exploitation.

European organizations should implement the following specific mitigations: 1) Immediately audit all AEM instances to identify usage of vulnerable versions (6.5.22 and earlier). 2) Apply any available Adobe security updates or patches as soon as they are released; if patches are not yet available, consider temporary workarounds such as disabling or restricting access to vulnerable form fields or pages. 3) Implement strict Content Security Policy (CSP) headers to limit the execution of unauthorized scripts and reduce the impact of XSS attacks. 4) Employ web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns targeting AEM forms. 5) Conduct thorough input validation and output encoding on all user-supplied data within AEM custom components or templates. 6) Educate users and administrators about the risks of clicking on suspicious links and the importance of reporting unusual behavior. 7) Monitor logs and network traffic for signs of attempted exploitation or anomalous activity related to AEM web pages. 8) Review and tighten user privileges to minimize the ability of low-privileged users to inject malicious content. These steps go beyond generic advice by focusing on AEM-specific controls and compensating controls until official patches are available.