CVE-2025-47002 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability allows a low-privileged attacker to inject malicious JavaScript code into vulnerable form fields within the AEM environment. When a victim subsequently visits a page containing the compromised form field, the malicious script executes in their browser context. Stored XSS differs from reflected XSS in that the malicious payload is permanently stored on the server side, increasing the likelihood of multiple victims being impacted. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity), with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, meaning the attack can be launched remotely over the network with low attack complexity, requires low privileges, and user interaction is needed to trigger the payload. The scope is changed (S:C), indicating the vulnerability affects resources beyond the initially vulnerable component. The impact includes limited confidentiality and integrity loss but no availability impact. No known exploits are currently reported in the wild, and no patches are linked yet. Given AEM’s role as a content management system widely used by enterprises for managing digital assets and web content, exploitation could lead to session hijacking, credential theft, or unauthorized actions performed in the context of the victim’s session. This could facilitate further lateral movement or data exfiltration within an organization’s web infrastructure.

For European organizations, the impact of this vulnerability could be significant, especially for those relying on Adobe Experience Manager for public-facing websites, intranets, or digital marketing platforms. Exploitation could lead to unauthorized access to sensitive user data, session hijacking, or defacement of web content, undermining user trust and potentially violating GDPR requirements related to data protection and breach notification. The stored nature of the XSS means multiple users could be affected over time, increasing the risk of widespread compromise. Additionally, attackers could leverage the vulnerability as a foothold to escalate privileges or pivot to other internal systems. Organizations in sectors such as finance, government, healthcare, and e-commerce, which often use AEM for content delivery, may face reputational damage, regulatory penalties, and operational disruption if the vulnerability is exploited.

Organizations should prioritize the following mitigation steps: 1) Apply official patches or updates from Adobe as soon as they become available to remediate the vulnerability. 2) Implement strict input validation and output encoding on all user-supplied data fields within AEM to prevent injection of malicious scripts. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4) Conduct thorough security testing, including automated scanning and manual penetration testing focused on XSS vectors in AEM forms and components. 5) Restrict privileges of users who can submit or manage content to minimize the risk from low-privileged attackers. 6) Monitor web server and application logs for suspicious activity indicative of attempted XSS exploitation. 7) Educate users and administrators about the risks of XSS and the importance of cautious interaction with web content. 8) Consider deploying Web Application Firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting AEM.