CVE-2025-47032 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient sanitization of user-supplied input in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is stored on the server. When a victim subsequently visits a page containing the vulnerable form field, the malicious script executes in their browser context. This DOM-based XSS attack can lead to the theft of session cookies, user impersonation, unauthorized actions on behalf of the user, or redirection to malicious sites. The vulnerability has a CVSS v3.1 base score of 5.4, indicating medium severity. The vector string (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) shows that the attack can be launched remotely over the network with low attack complexity, requires low privileges but does require user interaction (the victim must visit the malicious page). The scope is changed (S:C), meaning the vulnerability affects components beyond the vulnerable component itself. Confidentiality and integrity impacts are low, while availability is not affected. No known exploits are currently reported in the wild, and no patches have been linked yet. Given AEM’s role as a content management system widely used by enterprises for web content delivery, this vulnerability could be leveraged to compromise user trust and facilitate further attacks such as phishing or session hijacking.

For European organizations, especially those using Adobe Experience Manager for managing public-facing websites or internal portals, this vulnerability poses a risk of client-side compromise. Attackers could exploit the vulnerability to execute malicious scripts in the browsers of employees, customers, or partners, potentially leading to credential theft, unauthorized access, or defacement of web content. This could damage organizational reputation, lead to regulatory non-compliance (e.g., GDPR breaches if personal data is compromised), and disrupt business operations. Since the vulnerability requires user interaction, phishing campaigns or social engineering could be used to lure victims to the maliciously crafted pages. The medium severity score reflects a moderate risk, but the widespread use of AEM in sectors such as government, finance, and healthcare in Europe increases the potential impact. Additionally, the vulnerability’s ability to affect the integrity of displayed content could undermine trust in digital services.

Organizations should immediately review their Adobe Experience Manager installations and identify if they are running version 6.5.22 or earlier. Until official patches are released, implement strict input validation and output encoding on all user-supplied data in form fields to prevent script injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Monitor web application logs for unusual input patterns or attempts to inject scripts. Educate users about the risks of clicking on suspicious links and implement multi-factor authentication to reduce the impact of stolen credentials. Regularly update and patch AEM as soon as Adobe releases a fix. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block XSS payloads targeting known vulnerable endpoints. Conduct security testing, including automated scanning and manual penetration testing focused on XSS vectors, to identify and remediate similar vulnerabilities proactively.