CVE-2025-47047 is a stored DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability allows a low-privileged attacker to inject malicious JavaScript code into vulnerable form fields within the AEM platform. When a victim user accesses a page containing the compromised form field, the malicious script executes in their browser context. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input leading to XSS. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and low privileges (PR:L), but does require user interaction (UI:R) such as visiting the affected page. The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact includes limited confidentiality and integrity loss (C:L, I:L) but no impact on availability (A:N). No known exploits are currently in the wild, and no official patches have been linked yet. The vulnerability was reserved on April 30, 2025, and published on June 10, 2025, with a CVSS v3.1 base score of 5.4, categorized as medium severity. Stored XSS in a content management system like AEM is particularly concerning because injected scripts can persist and affect multiple users, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of users. Given AEM's role in managing web content and digital assets, exploitation could compromise the integrity of websites and the confidentiality of user data.

For European organizations using Adobe Experience Manager, this vulnerability poses a risk to the confidentiality and integrity of their web applications and user data. Attackers exploiting this flaw could execute malicious scripts in the browsers of employees, customers, or partners, potentially leading to session hijacking, theft of sensitive information, or unauthorized actions within the affected web applications. This could damage organizational reputation, lead to regulatory non-compliance under GDPR due to data breaches, and disrupt business operations. Since AEM is widely used by enterprises, government agencies, and large institutions across Europe for managing digital content and customer experiences, the impact could be significant if exploited at scale. The requirement for low privileges to inject the script lowers the barrier for attackers, increasing risk. However, the need for user interaction (visiting the malicious page) somewhat limits automated exploitation. The absence of known exploits in the wild currently reduces immediate threat but does not eliminate future risk. Organizations in sectors such as finance, healthcare, public administration, and e-commerce, which rely heavily on AEM for customer-facing portals, are particularly vulnerable to reputational and operational damage from such attacks.

European organizations should prioritize the following specific mitigation steps: 1) Immediately audit all Adobe Experience Manager instances to identify versions 6.5.22 and earlier and plan for urgent upgrades to patched versions once available. 2) Implement strict input validation and output encoding on all form fields within AEM to prevent injection of malicious scripts, leveraging Content Security Policy (CSP) headers to restrict script execution sources. 3) Conduct thorough security testing, including automated and manual penetration tests focused on XSS vectors in AEM-managed content. 4) Educate users and administrators about the risk of clicking untrusted links or visiting suspicious pages hosted on AEM platforms. 5) Monitor web application logs and user activity for unusual behavior indicative of XSS exploitation attempts. 6) Employ web application firewalls (WAFs) with rules specifically tuned to detect and block XSS payloads targeting AEM. 7) Establish a rapid patch management process to deploy Adobe security updates as soon as they are released. 8) Consider isolating critical AEM instances behind additional authentication layers or network segmentation to reduce exposure. These measures go beyond generic advice by focusing on the unique context of AEM deployments and the specific nature of stored DOM-based XSS.