CVE-2025-54272 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 11.6 and earlier. This vulnerability arises from insufficient input sanitization in form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses the affected page containing the injected script, the malicious code executes in their browser context. This can lead to unauthorized actions such as session hijacking, credential theft, or unauthorized manipulation of web content. The attack requires user interaction, specifically the victim clicking on a crafted malicious link that leads to the vulnerable form. The vulnerability has a CVSS 3.1 base score of 5.4, indicating medium severity, with vector metrics AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This means the attack is network exploitable with low attack complexity, requires low privileges, user interaction, and impacts confidentiality and integrity with a changed scope. No public exploits have been reported yet, but the vulnerability poses a tangible risk to organizations relying on AEM for content management and digital experience delivery. The lack of available patches at the time of reporting necessitates immediate mitigation efforts to reduce exposure.

For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive information and manipulation of web content served by Adobe Experience Manager. Attackers exploiting this flaw can steal session cookies, impersonate users, or perform actions on behalf of victims, potentially leading to data breaches or reputational damage. Given AEM's widespread use in government portals, financial institutions, and large enterprises across Europe, the impact could be significant, especially for sectors handling personal data under GDPR. The vulnerability does not directly affect system availability but compromises confidentiality and integrity, which can disrupt trust and compliance. The requirement for user interaction limits mass exploitation but targeted phishing campaigns could be effective. Organizations with public-facing AEM instances are particularly vulnerable, as attackers can craft malicious links to lure users into triggering the exploit.

European organizations should immediately audit their Adobe Experience Manager deployments to identify affected versions (11.6 and earlier). Until an official patch is released, implement strict input validation and output encoding on all form fields to prevent script injection. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting AEM forms. Conduct user awareness training to reduce the risk of users clicking on malicious links. Monitor web server and application logs for unusual activity indicative of exploitation attempts. Restrict privileges of users who can submit content to minimize the attack surface. Consider isolating or disabling vulnerable form functionalities temporarily if feasible. Stay updated with Adobe security advisories for patch releases and apply them promptly once available. Additionally, implement Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers.