CVE-2025-47075 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient input sanitization in certain form fields within the AEM platform, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses a page containing the vulnerable form field, the malicious script executes in their browser context. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity), with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, meaning the attack can be performed remotely over the network, requires low attack complexity, low privileges, and user interaction, and impacts confidentiality and integrity with a scope change but does not affect availability. The vulnerability allows attackers to potentially steal session cookies, perform actions on behalf of users, or manipulate displayed content, leading to information disclosure and integrity violations. No known exploits are currently reported in the wild, and no official patches have been linked yet. Given AEM's role as a content management system widely used by enterprises for web content delivery, exploitation could impact web application users and administrators.

For European organizations using Adobe Experience Manager, this vulnerability poses a significant risk to the confidentiality and integrity of web applications and their users. Attackers exploiting this flaw could hijack user sessions, steal sensitive information, or conduct phishing attacks by injecting malicious scripts that alter web page content. This could lead to reputational damage, regulatory non-compliance (e.g., GDPR violations due to data leakage), and potential financial losses. Since AEM is often used by government agencies, financial institutions, and large enterprises in Europe to manage public-facing and internal websites, the impact could extend to critical services and sensitive data exposure. The requirement for user interaction (victim visiting the compromised page) means social engineering or phishing campaigns could be used to increase exploitation success. The scope change in the CVSS vector indicates that the vulnerability affects resources beyond the initially vulnerable component, potentially allowing attackers to escalate privileges or access additional data within the application context.

European organizations should immediately audit their Adobe Experience Manager deployments to identify affected versions (6.5.22 and earlier). Until an official patch is released, organizations should implement strict input validation and output encoding on all user-supplied data in AEM forms to prevent script injection. Web Application Firewalls (WAFs) should be configured with rules to detect and block common XSS payloads targeting AEM. Additionally, organizations should enforce Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. User awareness training should be enhanced to reduce the risk of social engineering attacks that could lead users to malicious pages. Monitoring and logging should be intensified to detect unusual user activity or script injections. Finally, organizations should plan for rapid deployment of Adobe's official security updates once available and consider isolating or restricting access to vulnerable AEM instances to trusted networks until patched.