CVE-2025-47050 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient input sanitization in certain form fields within AEM, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses the affected page containing the maliciously crafted form field, the injected script executes in their browser context. This DOM-based XSS (CWE-79) can lead to unauthorized actions performed on behalf of the victim, theft of session cookies, or other sensitive information disclosure. The vulnerability has a CVSS 3.1 base score of 5.4, indicating a medium severity level. The attack vector is network-based (AV:N), requires low privileges (PR:L), and user interaction (UI:R) to trigger the exploit. The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. Currently, there are no known exploits in the wild and no patches publicly available, which suggests that organizations using vulnerable AEM versions should prioritize mitigation and monitoring. Given AEM's role as a content management system widely used for enterprise web content delivery, exploitation could impact the integrity and confidentiality of user sessions and data, potentially undermining trust and compliance obligations.

For European organizations, the impact of this vulnerability can be significant, especially for those relying on Adobe Experience Manager to manage public-facing websites or internal portals. Exploitation could lead to session hijacking, unauthorized actions on behalf of users, and leakage of sensitive information such as personal data, which is critical under GDPR regulations. This could result in reputational damage, regulatory fines, and operational disruptions. Since AEM is often used by government agencies, financial institutions, and large enterprises across Europe, a successful attack could compromise sensitive citizen or customer data. Additionally, the vulnerability could be leveraged as a foothold for further attacks within the organization’s network if combined with social engineering or phishing campaigns. The requirement for user interaction means that phishing or targeted social engineering could increase the risk of exploitation. The medium severity reflects the balance between the ease of exploitation and the potential impact on confidentiality and integrity, with availability not affected.

Organizations should immediately review their Adobe Experience Manager deployments and identify versions at or below 6.5.22. Although no official patches are currently available, administrators should implement strict input validation and output encoding on all form fields to prevent script injection. Employing Content Security Policy (CSP) headers can help mitigate the impact by restricting the execution of unauthorized scripts. Regularly audit and sanitize stored content to detect and remove any malicious scripts. Monitoring web server logs and user activity for unusual patterns can help detect attempted exploitation. Additionally, user education to recognize phishing attempts and suspicious links is important due to the requirement for user interaction. Organizations should subscribe to Adobe security advisories for timely patch releases and apply updates promptly once available. Where feasible, consider isolating AEM instances from critical internal networks to limit lateral movement if exploitation occurs.