CVE-2025-47008 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient input sanitization in certain form fields within AEM, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses a page containing the compromised form field, the malicious script executes in their browser context. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity), with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, meaning the attack can be launched remotely over the network with low attack complexity, requires low privileges, and user interaction is needed to trigger the script execution. The vulnerability impacts confidentiality and integrity by potentially exposing sensitive information or enabling session hijacking or unauthorized actions on behalf of the victim. Availability is not impacted. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability's scope is changed (S:C), indicating that exploitation can affect resources beyond the vulnerable component, such as user sessions or other parts of the application.

For European organizations using Adobe Experience Manager, this vulnerability poses a moderate risk. AEM is widely used by enterprises and public sector entities across Europe for content management and digital experience delivery. Exploitation could lead to theft of user credentials, session tokens, or other sensitive data, enabling further compromise of internal systems or unauthorized actions within the application. This is particularly concerning for organizations handling personal data under GDPR, as data breaches could lead to regulatory penalties and reputational damage. The requirement for low privileges to exploit means that even non-administrative users or external attackers with limited access could leverage this flaw. The need for user interaction (visiting a maliciously crafted page) suggests that phishing or social engineering could be vectors for exploitation. Given the critical role of AEM in digital services, successful attacks could disrupt business operations, erode customer trust, and expose confidential information.

Organizations should prioritize the following mitigations: 1) Monitor Adobe’s security advisories closely and apply patches or updates as soon as they become available for AEM versions 6.5.22 and earlier. 2) Implement robust input validation and output encoding on all user-supplied data within AEM forms to prevent script injection. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4) Conduct regular security assessments and penetration testing focused on web application vulnerabilities, including XSS. 5) Educate users and administrators about phishing risks and safe browsing practices to reduce the likelihood of triggering malicious scripts. 6) Consider deploying Web Application Firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting AEM. 7) Restrict user privileges to the minimum necessary to limit the ability of low-privileged users to inject malicious content. 8) Review and harden AEM configurations to disable or limit vulnerable components or features where possible.