CVE-2025-47066 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises due to insufficient input sanitization in certain form fields within AEM, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses the affected page containing the maliciously crafted input, the embedded script executes in their browser context. This can lead to unauthorized actions such as session hijacking, credential theft, or performing actions on behalf of the victim within the scope of the affected web application. The vulnerability requires low privileges to exploit but does require user interaction, as the victim must visit the compromised page for the script to execute. The CVSS 3.1 base score is 5.4 (medium severity), reflecting the network attack vector, low attack complexity, low privileges required, but requiring user interaction and resulting in limited confidentiality and integrity impact without availability impact. The vulnerability is scoped, meaning it affects components beyond the vulnerable component itself. No known exploits are currently reported in the wild, and no patches have been linked yet. Given AEM's role as a content management system widely used by enterprises for web content delivery, exploitation could facilitate further attacks such as phishing, data theft, or lateral movement within the victim organization.

For European organizations, the impact of this vulnerability can be significant given the widespread use of Adobe Experience Manager in government, financial, healthcare, and large enterprise sectors across Europe. Exploitation could lead to the compromise of sensitive user data, including personal identifiable information (PII) protected under GDPR, resulting in regulatory penalties and reputational damage. Attackers could leverage the XSS to conduct targeted phishing campaigns or implant malware, potentially disrupting business operations or enabling further compromise of internal systems. The persistent nature of stored XSS increases the risk as malicious scripts remain active until detected and removed. Additionally, the scoped nature of the vulnerability could allow attackers to affect multiple components or users within the organization’s web infrastructure. Although the vulnerability requires user interaction, the risk remains elevated in environments with high web traffic and diverse user bases. Organizations relying on AEM for public-facing websites or intranet portals are particularly at risk.

To mitigate this vulnerability, European organizations should prioritize the following actions: 1) Monitor Adobe’s official security advisories closely and apply patches or updates as soon as they become available. 2) Implement strict input validation and output encoding on all form fields within AEM, especially those exposed to external users, to prevent injection of malicious scripts. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4) Conduct regular security audits and penetration testing focused on web application vulnerabilities, including XSS. 5) Educate users and administrators about the risks of XSS and encourage cautious behavior when interacting with web content. 6) Use web application firewalls (WAFs) configured to detect and block common XSS attack patterns targeting AEM. 7) Review and restrict user privileges within AEM to minimize the potential for low-privileged users to inject malicious content. 8) Implement logging and monitoring to detect anomalous activities related to form submissions and script execution. These measures combined will reduce the attack surface and improve detection and response capabilities.