CVE-2025-64572 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. This vulnerability arises from insufficient sanitization of user input in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is stored on the server and later executed in the browsers of users who access the affected pages. The attack vector is network-based, requiring the attacker to have some level of privileges (PR:L) and user interaction (UI:R) to trigger the malicious script execution. The vulnerability impacts confidentiality and integrity by enabling theft of session cookies, credentials, or manipulation of displayed content, but does not affect availability. The CVSS 3.1 base score is 5.4, indicating medium severity, with the scope changed (S:C) meaning the vulnerability can affect resources beyond the initially vulnerable component. No public exploits or active exploitation in the wild have been reported to date. Adobe has not yet released patches, but organizations are advised to monitor for updates. The vulnerability is classified under CWE-79, a common and well-understood XSS weakness. Given AEM’s role in managing digital content and user interactions, exploitation could lead to significant reputational damage and data leakage if attackers successfully execute malicious scripts within trusted web applications.

For European organizations, the impact of CVE-2025-64572 can be significant, particularly for those relying on Adobe Experience Manager as a core component of their digital content management and customer engagement platforms. Exploitation could lead to unauthorized access to sensitive information such as session tokens, personal data, or internal communications, potentially violating GDPR and other data protection regulations. The integrity of web content could be compromised, misleading users or damaging brand reputation. Although availability is not directly impacted, the indirect effects of data breaches or defacement could disrupt business operations. Sectors such as finance, government, healthcare, and large enterprises with public-facing AEM deployments are particularly at risk. The medium severity rating suggests that while the vulnerability is not critical, it should be addressed promptly to prevent escalation or combined attacks. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits after public disclosure.

1. Apply official Adobe patches or updates as soon as they become available to address CVE-2025-64572. 2. Until patches are released, implement strict input validation and output encoding on all user-supplied data in AEM forms to prevent script injection. 3. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks. 4. Conduct regular security audits and code reviews focusing on input handling in AEM components. 5. Monitor web server and application logs for unusual activity or script injection attempts. 6. Educate developers and administrators on secure coding practices related to XSS vulnerabilities. 7. Consider using Web Application Firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting AEM. 8. Limit user privileges where possible to reduce the attack surface and potential for malicious input submission. 9. Implement multi-factor authentication (MFA) to protect user accounts that could be targeted via session hijacking. 10. Maintain an incident response plan to quickly address any detected exploitation attempts.