CVE-2025-47072 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient input sanitization in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses a page containing the compromised form field, the malicious script executes within their browser context. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity), with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, meaning the attack can be performed remotely over the network with low attack complexity, requires low privileges, and user interaction is necessary (the victim must visit the affected page). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component, and the impact affects confidentiality and integrity to a limited extent but does not affect availability. No known exploits are currently reported in the wild, and no patches have been linked yet. However, given the nature of stored XSS, attackers could leverage this vulnerability to steal session tokens, perform actions on behalf of users, or conduct phishing attacks within the trusted domain of the affected AEM instance.

For European organizations using Adobe Experience Manager, this vulnerability poses a moderate risk. AEM is widely used by enterprises and public sector organizations across Europe for content management and digital experience delivery. Exploitation could lead to unauthorized disclosure of sensitive information, session hijacking, or manipulation of web content, undermining user trust and potentially leading to reputational damage. Public-facing AEM instances, especially those handling sensitive user data or internal portals, are at higher risk. The requirement for user interaction means phishing or social engineering could be combined with this vulnerability to increase impact. Additionally, the scope change indicates that the vulnerability could affect multiple components or users beyond the initial entry point, amplifying potential damage. While availability is not impacted, the confidentiality and integrity breaches could have regulatory implications under GDPR if personal data is exposed or manipulated.

European organizations should prioritize the following mitigations: 1) Immediately review and restrict user input in all AEM form fields, applying strict input validation and output encoding to prevent script injection. 2) Implement Content Security Policy (CSP) headers to restrict execution of unauthorized scripts on affected pages. 3) Monitor and audit AEM logs for suspicious input patterns or unexpected script content. 4) Educate users and administrators about the risks of clicking on untrusted links or submitting untrusted content. 5) Segregate AEM environments and limit administrative privileges to reduce the impact of a compromised low-privilege account. 6) Stay alert for official Adobe patches or updates addressing CVE-2025-47072 and apply them promptly upon release. 7) Consider deploying Web Application Firewalls (WAF) with rules targeting common XSS payloads to provide an additional layer of defense. 8) Conduct regular security assessments and penetration testing focused on input validation and stored XSS vectors within AEM implementations.