CVE-2025-47117 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient sanitization of user input in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is stored on the server. When a victim subsequently accesses a page containing the vulnerable form field, the malicious script executes in their browser context. This is a DOM-based XSS, meaning the attack payload manipulates the Document Object Model on the client side, potentially bypassing some traditional server-side input validation mechanisms. The vulnerability requires the attacker to have at least low-level privileges to submit malicious input and requires user interaction (the victim must visit the compromised page). The CVSS 3.1 base score is 5.4 (medium severity), reflecting the network attack vector, low attack complexity, low privileges required, and user interaction needed. The impact includes potential theft of session cookies, user impersonation, defacement, or redirection to malicious sites. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects a widely used enterprise content management system that powers many corporate websites and intranets, making it a significant concern for organizations relying on AEM for digital experience management.

For European organizations using Adobe Experience Manager, this vulnerability poses a moderate risk to the confidentiality and integrity of user sessions and data. Attackers could leverage the stored XSS to hijack user sessions, steal sensitive information, or perform actions on behalf of authenticated users, potentially leading to data breaches or unauthorized changes to web content. Given that AEM is often used by large enterprises, government agencies, and public sector organizations in Europe, exploitation could disrupt critical digital services or damage organizational reputation. The medium severity score indicates that while the vulnerability is not trivially exploitable without user interaction, the widespread deployment of AEM in Europe increases the attack surface. Additionally, the scope is broad since the vulnerability affects all versions up to 6.5.22, and many organizations may not have updated to the latest versions. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits once patches are released or if the vulnerability details become widely known.

European organizations should prioritize the following mitigation steps: 1) Immediately audit their Adobe Experience Manager installations to identify affected versions (6.5.22 and earlier). 2) Apply official patches or updates from Adobe as soon as they become available. In the absence of patches, implement temporary mitigations such as input validation and output encoding on all user-supplied data in form fields to prevent script injection. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4) Conduct thorough security testing of AEM instances, including penetration testing focused on XSS vulnerabilities. 5) Educate users and administrators about the risks of clicking on suspicious links or interacting with untrusted content within AEM-powered sites. 6) Monitor web server and application logs for unusual input patterns or error messages that may indicate attempted exploitation. 7) Limit privileges of users who can submit content to minimize the risk from low-privileged attackers. 8) Consider implementing Web Application Firewalls (WAFs) with rules designed to detect and block XSS payloads targeting AEM.