CVE-2025-47003 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient input sanitization in certain form fields within AEM, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses a page containing the compromised form field, the malicious script executes in their browser context. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity), with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, meaning the attack can be performed remotely over the network with low attack complexity, requires low privileges, and user interaction (visiting the malicious page) is necessary. The scope is changed (S:C), indicating that the vulnerability affects resources beyond the vulnerable component, potentially impacting other users or systems. The impact includes partial confidentiality and integrity loss due to script execution in the victim's browser, but no direct availability impact. No known exploits are currently reported in the wild, and no patches or mitigation links are provided yet. Given AEM's role as a content management system widely used by enterprises for web content delivery, exploitation could lead to session hijacking, credential theft, or unauthorized actions performed on behalf of users, especially if administrative or authenticated users are targeted.

For European organizations using Adobe Experience Manager, this vulnerability poses a significant risk to the confidentiality and integrity of web applications and their users. Attackers could exploit the stored XSS to execute malicious scripts that steal session cookies, perform unauthorized actions, or deliver further malware payloads. This can lead to data breaches involving personal data protected under GDPR, reputational damage, and potential regulatory penalties. Since AEM is often used by large enterprises, government agencies, and public sector organizations in Europe for managing critical web content, the impact could extend to disruption of services and erosion of user trust. The requirement for low privileges to exploit increases the threat surface, as even non-administrative users or external attackers with limited access might inject malicious payloads. The necessity for user interaction (visiting the compromised page) means phishing or social engineering could be leveraged to increase exploitation success. The scope change indicates that the vulnerability could affect multiple users or components beyond the initial injection point, amplifying the potential damage.

European organizations should prioritize the following specific mitigation steps: 1) Immediately audit all AEM instances to identify usage of vulnerable versions (6.5.22 and earlier) and plan for urgent upgrades to patched versions once available from Adobe. 2) Implement strict input validation and output encoding on all form fields, especially those accepting user-generated content, to prevent script injection. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers, limiting the impact of any injected malicious code. 4) Review and tighten user privileges to minimize the ability of low-privileged users to submit potentially malicious content. 5) Monitor web application logs and user activity for unusual input patterns or repeated form submissions that could indicate exploitation attempts. 6) Educate users about the risks of clicking unknown links or visiting suspicious pages to reduce successful exploitation via social engineering. 7) Use web application firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting AEM. 8) Prepare incident response plans to quickly contain and remediate any detected exploitation. These measures go beyond generic advice by focusing on specific controls relevant to AEM environments and the nature of stored XSS attacks.