
CVE-2025-47004: Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager

Severity: Medium
Tags: Vulnerability, CVE-2025-47004, CWE-79
Published: Tue Jun 10 2025 (06/10/2025, 22:19:26 UTC)
Source: CVE Database V5
Vendor/Project: Adobe
Product: Adobe Experience Manager

Description

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

AI-Powered Analysis

Last updated: 07/11/2025, 11:04:18 UTC

Technical Analysis

CVE-2025-47004 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability allows a low-privileged attacker to inject malicious JavaScript code into vulnerable form fields within the AEM environment. When a victim user accesses a page containing the compromised form field, the malicious script executes in their browser context. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation.

The CVSS v3.1 base score is 5.4 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), user interaction required (UI:R), scope changed (S:C), and low impacts on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). The scope change means the vulnerability affects components beyond the initially vulnerable component, potentially impacting other parts of the system or user sessions.

Stored XSS is particularly dangerous because the malicious payload persists on the server and can affect multiple users without requiring the attacker to target each victim individually. Although no known exploits are currently reported in the wild, the presence of this vulnerability in a widely used enterprise content management system like AEM poses a significant risk. Attackers could leverage this to steal session cookies, perform actions on behalf of users, or deliver further malware. The lack of available patches at the time of publication increases the urgency for organizations to implement mitigations.

Potential Impact

For European organizations using Adobe Experience Manager, this vulnerability could lead to unauthorized disclosure of sensitive information, session hijacking, and potential compromise of user accounts or administrative functions. Since AEM is often used to manage corporate websites, intranets, and digital assets, exploitation could result in defacement, data leakage, or reputational damage. The medium CVSS score reflects moderate impact; however, the scope change and stored nature of the XSS increase the risk of widespread impact within affected environments. Organizations handling personal data under GDPR could face compliance risks if user data is exposed or manipulated. Additionally, attackers could use the vulnerability as a foothold for further attacks within the network, especially if administrative users are targeted. The requirement for user interaction (victims must visit the compromised page) means social engineering or phishing may be used to increase exploitation success. The vulnerability's presence in a critical content management platform amplifies its potential impact on business continuity and trust.

Mitigation Recommendations

1. Immediate mitigation should include reviewing and sanitizing all user input fields in AEM forms to prevent injection of malicious scripts.
2. Implement Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers accessing AEM-managed sites.
3. Restrict privileges of users who can submit or manage content to minimize the risk of malicious input.
4. Monitor web application logs for unusual input patterns or repeated attempts to inject scripts.
5. Educate users and administrators about the risk of clicking on suspicious links or content within AEM portals.
6. Since no patches are currently available, consider isolating or limiting access to vulnerable AEM instances, especially from untrusted networks.
7. Plan for rapid deployment of official patches once released by Adobe.
8. Employ web application firewalls (WAFs) with rules designed to detect and block XSS payloads targeting AEM.
9. Conduct regular security assessments and penetration testing focused on input validation and XSS vulnerabilities within AEM environments.


Technical Details

Data Version
5.1
Assigner Short Name
adobe
Date Reserved
2025-04-30T20:47:54.992Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6848b1993cd93dcca8311fac

Added to database: 6/10/2025, 10:28:41 PM

Last enriched: 7/11/2025, 11:04:18 AM

Last updated: 8/15/2025, 6:41:06 PM

