CVE-2025-47085 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient input sanitization in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses the affected page containing the injected script, the malicious code executes within their browser context. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity), with the vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, meaning the attack can be performed remotely over the network with low attack complexity, requires low privileges, and user interaction is needed to trigger the payload. The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component, potentially impacting other users or components. The impact includes limited confidentiality and integrity loss but no availability impact. No known exploits are currently reported in the wild, and no patches or mitigation links have been published yet. Stored XSS vulnerabilities in AEM are particularly concerning because AEM is widely used by enterprises and governments for content management and digital experience delivery, making exploitation a vector for session hijacking, credential theft, or delivering further malware.

For European organizations using Adobe Experience Manager, this vulnerability poses a significant risk to web application security and user trust. Exploitation could lead to unauthorized access to sensitive information through session hijacking or theft of authentication tokens, potentially compromising user accounts and internal systems. Given AEM's role in managing digital content and customer interactions, successful attacks could damage brand reputation, violate data protection regulations such as GDPR, and lead to financial and legal consequences. The vulnerability's requirement for low privileges to exploit increases the risk from insider threats or compromised low-level accounts. Additionally, the cross-site scripting could be used as a foothold for further attacks within the network, especially in environments where AEM interfaces with other critical systems. The lack of available patches at the time of disclosure increases the urgency for organizations to implement interim mitigations.

European organizations should immediately review and restrict access controls to AEM administrative and content authoring interfaces, ensuring that only trusted users have low-privilege access that could be leveraged for injection. Implement strict input validation and output encoding on all form fields, particularly those exposed to external users, to prevent malicious script injection. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. Monitor web application logs for unusual input patterns or repeated attempts to inject scripts. Where possible, isolate AEM instances from critical internal networks to limit lateral movement if exploitation occurs. Organizations should also prepare for rapid deployment of official Adobe patches once released and consider virtual patching via web application firewalls (WAFs) with custom rules targeting suspicious payloads. User awareness training to recognize suspicious behaviors and prompt reporting can further reduce risk. Finally, conduct regular security assessments and penetration testing focused on XSS vulnerabilities in AEM deployments.