CVE-2025-61797 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79 that affects Adobe Experience Manager (AEM) versions 11.6 and earlier. This vulnerability allows a low-privileged attacker to inject malicious JavaScript code into vulnerable form fields within the AEM platform. When a victim user accesses a page containing the injected script, the malicious code executes in their browser context, potentially leading to theft of session tokens, user impersonation, or unauthorized actions within the web application. The attack requires user interaction, specifically the victim must open a maliciously crafted link to trigger the payload. The CVSS 3.1 base score is 5.4, indicating medium severity, with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This means the attack can be launched remotely over the network with low attack complexity and low privileges, but requires user interaction. The scope is changed, implying the vulnerability affects components beyond the initially vulnerable module, potentially impacting other parts of the system or user sessions. No public exploits have been reported yet, but the vulnerability poses a risk to confidentiality and integrity of user data. Since AEM is widely used for enterprise content management and digital experience delivery, exploitation could lead to significant data leakage or session hijacking. The absence of patch links suggests that fixes may be pending or not yet publicly released, emphasizing the need for vigilance and interim mitigations.

For European organizations, this vulnerability presents a moderate risk primarily to confidentiality and integrity of web application data and user sessions. Adobe Experience Manager is commonly used by large enterprises, government agencies, and digital service providers across Europe to manage web content and customer experiences. Successful exploitation could allow attackers to steal sensitive user information, hijack sessions, or perform unauthorized actions within the affected web portals. This could lead to data breaches, reputational damage, and compliance violations under regulations such as GDPR. The requirement for user interaction limits the attack vector but does not eliminate risk, especially in environments with high user traffic or where phishing attacks are common. The scope change indicates potential for broader impact beyond the initial vulnerable component, possibly affecting integrated systems or services. Organizations relying heavily on AEM for public-facing or internal portals should consider this vulnerability a significant concern. The lack of known exploits in the wild reduces immediate threat but does not preclude future exploitation attempts.

1. Apply patches or updates from Adobe as soon as they become available to address CVE-2025-61797. 2. Implement strict input validation and sanitization on all form fields within Adobe Experience Manager to prevent injection of malicious scripts. 3. Deploy Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers. 4. Conduct regular security assessments and penetration testing focused on XSS vulnerabilities in AEM deployments. 5. Educate users about the risks of clicking on suspicious links to reduce the likelihood of successful user interaction exploitation. 6. Monitor web application logs and user activity for signs of suspicious behavior or attempted exploitation. 7. Consider using web application firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting AEM. 8. Review and restrict privileges of users who can submit content to minimize the risk posed by low-privileged attackers. 9. Isolate critical AEM instances and limit exposure to the internet where possible to reduce attack surface.