CVE-2025-64580 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM), specifically affecting versions 6.5.23 and earlier. Stored XSS vulnerabilities occur when malicious input is saved by the application and later rendered in users' browsers without proper sanitization or encoding. In this case, a low-privileged attacker can inject malicious JavaScript code into vulnerable form fields within AEM. When other users access pages containing these fields, the injected scripts execute in their browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The vulnerability requires the attacker to have some level of access to submit data (low privilege) and relies on user interaction to trigger the malicious script execution. The CVSS 3.1 base score is 5.4, indicating medium severity, with the vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This means the attack can be performed remotely over the network with low attack complexity, requires low privileges, and user interaction is necessary. The scope is changed, indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality and integrity is low, while availability is not affected. No patches are currently linked, and no known exploits have been reported in the wild as of the publication date (December 10, 2025). Adobe Experience Manager is widely used by enterprises for web content management, making this vulnerability relevant for organizations relying on AEM for their digital presence.

For European organizations, this vulnerability poses a risk primarily to the confidentiality and integrity of user sessions and data handled through Adobe Experience Manager portals. Exploitation could allow attackers to steal session cookies, perform actions on behalf of authenticated users, or deliver further malicious payloads such as ransomware or phishing. This can lead to data breaches, reputational damage, and regulatory non-compliance, especially under GDPR requirements for protecting personal data. Since AEM is often used by government agencies, financial institutions, and large enterprises in Europe, successful exploitation could disrupt critical services or expose sensitive information. The medium severity score reflects that while the attack requires user interaction and low privileges, the potential for lateral movement or privilege escalation exists if combined with other vulnerabilities. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits once patches are released or if organizations delay remediation.

1. Monitor Adobe's official channels for patches or security updates addressing CVE-2025-64580 and apply them promptly once available. 2. Implement strict input validation and output encoding on all form fields within Adobe Experience Manager to prevent injection of malicious scripts. 3. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks. 4. Conduct regular security assessments and penetration testing focused on web application vulnerabilities, including stored XSS. 5. Educate users and administrators about the risks of clicking on suspicious links or submitting untrusted data. 6. Use web application firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting AEM. 7. Review and limit user privileges within AEM to the minimum necessary to reduce the attack surface. 8. Implement multi-factor authentication (MFA) to mitigate risks from session hijacking. 9. Log and monitor unusual activities related to form submissions and user sessions for early detection of exploitation attempts.