CVE-2025-64541 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. Stored XSS vulnerabilities occur when malicious scripts are permanently stored on target servers, such as within form fields, and later executed in the browsers of users who access the affected content. In this case, a low-privileged attacker can inject JavaScript code into vulnerable input fields within AEM-managed web pages. When legitimate users browse these pages, the malicious script executes in their browsers, potentially allowing the attacker to steal session cookies, perform actions on behalf of the user, or redirect users to malicious sites. The vulnerability requires user interaction (browsing to the affected page) and some level of privilege to inject the payload, but does not require administrative access. The CVSS 3.1 base score is 5.4, indicating medium severity, with the vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This means the attack can be performed remotely over the network with low attack complexity, requires low privileges, and user interaction is necessary. The scope is changed, indicating that the vulnerability affects components beyond the initially vulnerable component, impacting confidentiality and integrity but not availability. No patches or exploit code are currently publicly available, and no known active exploitation has been reported. However, given the widespread use of Adobe Experience Manager in enterprise content management and digital experience delivery, the vulnerability could be leveraged for targeted attacks, especially against organizations with public-facing web portals. The vulnerability aligns with CWE-79, a common and well-understood web application security weakness. Organizations should prioritize remediation once patches are released and implement compensating controls to reduce risk in the interim.

For European organizations, this vulnerability poses a moderate risk primarily to confidentiality and integrity of user sessions and data. Exploitation could lead to session hijacking, unauthorized actions performed in the context of legitimate users, or phishing attacks via malicious redirects. Organizations relying on Adobe Experience Manager for public-facing websites or intranet portals are particularly vulnerable, as attackers can target employees or customers who access these pages. The impact is heightened in sectors with sensitive data or regulatory requirements, such as finance, healthcare, and government, where compromised user sessions could lead to data breaches or fraud. Although availability is not affected, reputational damage and compliance violations could result from successful exploitation. The requirement for low privileges and user interaction means the attack vector is feasible but not trivial, limiting mass exploitation but enabling targeted spear-phishing or insider threats. European organizations with large digital footprints and customer-facing web services should consider this vulnerability a significant concern until mitigated.

1. Apply official Adobe patches immediately upon release to remediate the vulnerability. 2. In the absence of patches, implement strict input validation on all form fields to reject or sanitize potentially malicious scripts. 3. Employ robust output encoding (e.g., HTML entity encoding) on all user-supplied content before rendering it in web pages to prevent script execution. 4. Utilize Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 5. Conduct regular security assessments and penetration testing focused on XSS vulnerabilities within AEM deployments. 6. Monitor web server and application logs for unusual input patterns or suspicious activity indicative of attempted XSS exploitation. 7. Educate users about the risks of clicking suspicious links and encourage reporting of anomalous website behavior. 8. Limit privileges of users who can submit content to minimize the risk of malicious input injection. 9. Consider implementing web application firewalls (WAFs) with rules specifically designed to detect and block XSS payloads targeting AEM. 10. Review and harden AEM configurations to disable or restrict features that allow untrusted input to be stored and rendered.