CVE-2025-47012 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient input sanitization in certain form fields within AEM, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim subsequently visits a page containing the compromised form field, the malicious script executes in their browser context. This can lead to unauthorized actions such as session hijacking, credential theft, or unauthorized changes to content or configurations within the AEM environment. The vulnerability has a CVSS 3.1 base score of 5.4, indicating a medium severity level. The attack vector is network-based with low attack complexity, requiring low privileges but some user interaction (victim visiting the page). The scope is changed, meaning the vulnerability affects components beyond the initially vulnerable component, potentially impacting confidentiality and integrity but not availability. No known exploits are currently reported in the wild, and no patches have been linked yet. Given AEM's role as a content management system widely used for digital experience delivery, exploitation could compromise the integrity of web content and user trust.

For European organizations, the impact of this vulnerability can be significant, especially for those relying on Adobe Experience Manager to manage public-facing websites, intranets, or customer portals. Exploitation could lead to the injection of malicious scripts that compromise user data confidentiality, manipulate displayed content, or facilitate further attacks such as phishing or session hijacking. This could result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data leakage), and operational disruptions. Organizations in sectors such as finance, government, healthcare, and e-commerce, which often use AEM for critical digital services, may face increased risks. Additionally, the cross-site scripting nature of the vulnerability can be leveraged to target employees or customers, potentially leading to broader network compromise or data breaches.

To mitigate this vulnerability, European organizations should: 1) Immediately review and restrict access permissions to AEM form fields to minimize exposure to low-privileged users. 2) Implement rigorous input validation and output encoding on all user-supplied data within AEM forms to prevent script injection. 3) Monitor and audit AEM logs for unusual input patterns or suspicious activity indicative of attempted exploitation. 4) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 5) Isolate AEM environments from critical internal networks to limit lateral movement if exploitation occurs. 6) Stay alert for official Adobe patches or security advisories and apply updates promptly once available. 7) Conduct security awareness training for administrators and content managers to recognize and prevent injection of malicious content. 8) Use web application firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting AEM.