CVE-2025-47113 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability allows a low-privileged attacker to inject malicious JavaScript code into vulnerable form fields within the AEM interface. When a victim user accesses a page containing the injected malicious script, the script executes in their browser context. Stored XSS differs from reflected XSS in that the malicious payload is permanently stored on the server (e.g., in a database or content repository) and served to users who visit the affected page, increasing the attack's persistence and reach. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity), with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, meaning the attack can be performed remotely over the network with low attack complexity, requires low privileges, and user interaction is needed to trigger the payload. The vulnerability impacts confidentiality and integrity by potentially allowing theft of session cookies, credentials, or execution of unauthorized actions on behalf of the victim user. No known exploits are currently reported in the wild, and no official patches or mitigation links are provided yet. The vulnerability was reserved in late April 2025 and published in June 2025, indicating recent discovery and disclosure.

For European organizations using Adobe Experience Manager, this vulnerability poses a significant risk, especially for those hosting public-facing websites or intranet portals where multiple users interact with AEM-managed content. Exploitation could lead to session hijacking, unauthorized actions, or data theft, undermining user trust and potentially violating data protection regulations such as the GDPR. The persistence of stored XSS means that once injected, malicious scripts can affect many users over time until remediated. This could lead to reputational damage, regulatory fines, and operational disruptions. Organizations in sectors like government, finance, healthcare, and media, which often use AEM for content management, may be particularly impacted. The requirement for low privileges to inject scripts lowers the barrier for attackers, increasing the threat surface. Although no active exploits are known yet, the medium severity score and widespread use of AEM in Europe warrant prompt attention.

1. Immediate mitigation should include auditing all user input fields in AEM forms to identify and sanitize or encode inputs properly to prevent script injection. 2. Implement Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers. 3. Limit privileges of users who can submit or edit content to reduce the risk of malicious input. 4. Monitor logs and user activity for suspicious input patterns or anomalous behavior. 5. Apply any forthcoming official patches from Adobe as soon as they are released. 6. Consider deploying Web Application Firewalls (WAFs) with rules targeting common XSS payloads to provide an additional layer of defense. 7. Educate content editors and administrators about the risks of injecting untrusted content and enforce strict content validation policies. 8. Regularly review and update AEM configurations to minimize exposure of vulnerable components.