CVE-2025-47027: Cross-site Scripting (DOM-based XSS) (CWE-79) in Adobe Experience Manager
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
AI Analysis
Technical Summary
CVE-2025-47027 is a stored, DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. It allows a low-privileged attacker to inject malicious JavaScript into vulnerable form fields within the AEM interface; when a victim later opens a page containing the compromised field, the injected script executes in the victim's browser context. The root cause is insufficient input validation and output encoding of user-supplied data in the AEM web application, which lets the injected script persist and be rendered to other users. In CVSS terms, the attack vector is network (AV:N), low privileges are required (PR:L), and user interaction is required (UI:R) to trigger the payload. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact is limited loss of confidentiality and integrity: the attacker can execute arbitrary script in the victim's session, potentially stealing session tokens, performing actions on behalf of the user, or manipulating displayed content. Availability is not impacted. No exploits have been observed in the wild, and no official patch has been linked yet. The CVSS 3.1 base score is 5.4 (medium severity), reflecting the moderate risk posed by the combination of easy injection and the need for a user to visit the affected page.
Potential Impact
For European organizations using Adobe Experience Manager, this vulnerability poses a moderate risk. AEM is widely used by enterprises, government agencies, and public sector organizations across Europe for content management and digital experience delivery. Successful exploitation could lead to session hijacking, unauthorized actions performed in the context of authenticated users, and potential data leakage of sensitive information displayed or accessible via the affected web pages. This could undermine user trust, lead to data protection compliance issues under GDPR, and damage organizational reputation. Since the vulnerability requires user interaction, phishing or social engineering could be leveraged to increase exploitation success. Public-facing AEM instances are particularly at risk, especially those hosting portals or intranet sites accessed by employees or customers. The lack of known exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits rapidly after vulnerability disclosure.
Mitigation Recommendations
European organizations should prioritize the following mitigations:
1) Review user-editable fields in AEM and ensure proper input validation and, above all, context-aware output encoding wherever stored values are rendered, especially in form fields exposed to low-privileged users.
2) Deploy Content Security Policy (CSP) headers that disallow inline and unauthorized script sources, so that an injected script is blocked even if encoding is missed.
3) Monitor and audit AEM logs for suspicious input patterns (markup or script fragments in form submissions) or anomalous user behavior indicative of attempted exploitation.
4) Educate users and administrators about phishing and social engineering that could lure them to a page carrying the injected script.
5) Apply official Adobe patches or updates promptly once released.
6) Consider a Web Application Firewall (WAF) with rules for known XSS patterns as an additional, non-primary layer of defense.
7) Conduct security testing and code reviews focused on XSS within custom AEM components and templates.
Together these steps combine output encoding at the source, layered browser-side and network-side controls, and user awareness tailored to the AEM environment.
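The output-encoding mitigation in item 1, shown as a vulnerable rendering pattern beside its hardened form. This is an added example, not code from the advisory or from Adobe/AEM; the function names and the sample stored field value are constructed for illustration.

```javascript
// Added example (not from the advisory or from AEM): contextual output encoding
// for a stored form-field value that is rendered back into a page.

// Encode a string for an HTML text or quoted-attribute context. Every character
// with meaning to the HTML parser becomes a numeric character reference, so the
// browser displays it as literal text instead of parsing it as markup.
function encodeHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => `&#${ch.charCodeAt(0)};`);
}

// Vulnerable pattern: the stored value is concatenated straight into markup.
// Whatever a low-privileged author typed into the field reaches the HTML parser
// of every later visitor (the persistent injection the advisory describes).
function renderFieldUnsafe(label, storedValue) {
  return `<label>${label}</label><div class="value">${storedValue}</div>`;
}

// Hardened pattern: every untrusted piece is encoded for its context before it is
// placed in the markup. The label is encoded too, since it also comes from the
// stored form definition.
function renderFieldSafe(label, storedValue) {
  return `<label>${encodeHtml(label)}</label><div class="value">${encodeHtml(storedValue)}</div>`;
}

// Attribute context: keep the attribute quoted and encode the value, so a quote
// inside the stored value cannot break out of the attribute.
function renderInputSafe(name, storedValue) {
  return `<input type="text" name="${encodeHtml(name)}" value="${encodeHtml(storedValue)}">`;
}

// Constructed sample value carrying markup (not a payload from the advisory).
const sampleValue = '<script>alert(1)</script>';

// Demonstration: the unsafe renderer emits the tag verbatim, the safe one does not.
function demo() {
  return {
    unsafeEmitsTag: renderFieldUnsafe('Comment', sampleValue).includes('<script>'),
    safeEmitsTag: renderFieldSafe('Comment', sampleValue).includes('<script>'),
  };
}
```

Use the same encoder only for HTML text and quoted attributes; values placed into JavaScript, URL or CSS contexts need their own context-specific encoding.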
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: adobe
- Date Reserved: 2025-04-30T20:47:54.996Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6848b1993cd93dcca8311fef
Added to database: 6/10/2025, 10:28:41 PM
Last enriched: 7/11/2025, 9:34:10 AM
Last updated: 7/31/2025, 5:10:43 AM