CVE-2025-47060 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient input sanitization in certain form fields within AEM, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses the affected page containing the malicious payload, the injected script executes in their browser context. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS 3.1 base score is 5.4 (medium severity), with an attack vector of network (remote exploitation), low attack complexity, requiring low privileges, and user interaction (victim must visit the malicious page). The scope is changed, meaning the vulnerability can affect components beyond the initially vulnerable module. The impact affects confidentiality and integrity, as the attacker could steal session tokens, perform actions on behalf of the user, or manipulate displayed content. Availability is not impacted. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in late April 2025 and published in June 2025. Given AEM's widespread use in enterprise content management and digital experience platforms, this vulnerability poses a significant risk if exploited, especially in environments where users have elevated privileges or access sensitive information through AEM portals.

For European organizations, the impact of this vulnerability can be substantial, particularly for those relying on Adobe Experience Manager for their web content management and digital experience delivery. Exploitation could lead to unauthorized disclosure of sensitive information, such as session cookies or personal data, enabling further attacks like account takeover or data theft. Integrity of displayed content could be compromised, damaging brand reputation and user trust. Since AEM is often used by government agencies, financial institutions, and large enterprises across Europe, successful exploitation could disrupt critical services or lead to regulatory non-compliance under GDPR due to data leakage. The requirement for user interaction (visiting a malicious page) means phishing or social engineering could be leveraged to trigger the attack. The medium CVSS score reflects moderate risk, but the broad deployment of AEM in Europe elevates the overall threat landscape. Organizations with public-facing AEM portals are particularly vulnerable to reputational damage and potential legal consequences if user data is compromised.

European organizations should prioritize the following mitigations: 1) Immediate review and application of any forthcoming security patches from Adobe for AEM 6.5.22 and earlier versions. 2) Implement strict input validation and output encoding on all user-supplied data in AEM forms to prevent script injection, using context-aware encoding libraries. 3) Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers accessing AEM content. 4) Conduct thorough security testing, including automated scanning and manual penetration testing focused on XSS vectors in AEM deployments. 5) Educate users and administrators about phishing risks and the importance of cautious interaction with links in emails or messages. 6) Monitor web server and application logs for unusual input patterns or error messages indicative of attempted exploitation. 7) Where possible, restrict privileges of users who can submit data to vulnerable forms to minimize attack surface. 8) Consider deploying web application firewalls (WAFs) with custom rules to detect and block malicious payloads targeting known vulnerable fields. These measures, combined, will reduce the risk of exploitation until official patches are applied.