CVE-2025-47062 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient input sanitization in certain form fields within AEM, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses a page containing the compromised form field, the malicious script executes in their browser context. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4, reflecting a medium severity level. The vector indicates that the attack can be performed remotely over the network (AV:N) with low attack complexity (AC:L), requires low privileges (PR:L), and needs user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity (C:L/I:L) but not availability (A:N). No known exploits are currently reported in the wild, and no patches have been linked yet. Stored XSS vulnerabilities are particularly dangerous because they can lead to session hijacking, credential theft, defacement, or distribution of malware to users of the affected web application. Given AEM's role as a content management system widely used by enterprises for web content delivery, exploitation could compromise sensitive user data and damage organizational reputation.

For European organizations using Adobe Experience Manager, this vulnerability poses a significant risk to the confidentiality and integrity of their web applications and user data. Attackers exploiting this flaw could execute arbitrary scripts in the browsers of site visitors, potentially stealing session cookies, redirecting users to malicious sites, or performing unauthorized actions on behalf of users. This could lead to data breaches involving personal data protected under GDPR, resulting in regulatory penalties and loss of customer trust. Additionally, compromised websites could be used as vectors for further attacks or malware distribution. The medium severity score suggests moderate risk, but the real-world impact could be amplified depending on the sensitivity of the data handled by the affected AEM instances and the volume of users. Since the attack requires user interaction (visiting a maliciously crafted page), phishing or social engineering could be used to increase exploitation success. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits soon after vulnerability disclosure.

European organizations should prioritize the following mitigation steps: 1) Immediately identify and inventory all Adobe Experience Manager instances, confirming versions to determine exposure. 2) Apply official Adobe patches or updates as soon as they become available; if patches are not yet released, implement temporary mitigations such as input validation and output encoding on vulnerable form fields to prevent script injection. 3) Employ Web Application Firewalls (WAFs) with rules designed to detect and block common XSS payloads targeting AEM. 4) Conduct thorough security testing, including automated and manual penetration testing focused on XSS vectors in AEM-managed sites. 5) Educate users and administrators about the risks of phishing and social engineering that could facilitate exploitation. 6) Monitor web traffic and logs for unusual activity indicative of attempted or successful exploitation. 7) Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 8) Review and harden user privileges to minimize the impact of low-privilege attackers injecting malicious content. These steps, combined, reduce the likelihood and impact of exploitation beyond generic advice.