CVE-2025-64599: Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Adobe Experience Manager
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
AI Analysis
Technical Summary
CVE-2025-64599 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. This vulnerability arises from insufficient sanitization of user input in certain form fields, allowing an attacker with low privileges to inject malicious JavaScript code that is stored on the server. When other users access the affected pages, the malicious script executes in their browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS 3.1 base score of 5.4 reflects that the attack vector is network-based (AV:N), requires low privileges (PR:L), and user interaction (UI:R), with a scope change (S:C) indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality and integrity is low to moderate, with no direct impact on availability. Adobe has not yet released a patch for this issue as of the publication date, and no known exploits have been reported in the wild. However, the vulnerability poses a risk to organizations using AEM for managing web content, especially those with public-facing websites where attackers can submit malicious inputs. The stored nature of the XSS makes it more dangerous than reflected XSS, as the payload persists and can affect multiple users over time.
Potential Impact
For European organizations, this vulnerability can lead to unauthorized disclosure of sensitive information, such as session cookies or personal data, through malicious script execution in user browsers. Attackers could manipulate web content or perform actions on behalf of authenticated users, undermining trust and potentially violating data protection regulations like GDPR. Public-facing portals and intranet sites using vulnerable AEM versions are at risk of reputational damage and operational disruption. The medium severity score indicates moderate risk, but the real-world impact depends on the extent of AEM deployment and the sensitivity of the data handled. Since the vulnerability requires user interaction and low privileges, it could be exploited in targeted phishing campaigns or by insiders with limited access. The lack of availability impact reduces the risk of service outages but does not diminish the threat to confidentiality and integrity. Organizations in sectors such as government, finance, and media that rely heavily on AEM for digital experience management are particularly vulnerable.
Mitigation Recommendations
1. Monitor Adobe’s security advisories closely and apply official patches or updates as soon as they become available to remediate the vulnerability.
2. Implement strict input validation and output encoding on all user-supplied data in AEM forms to prevent malicious script injection.
3. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of XSS attacks.
4. Conduct regular security assessments and penetration testing focused on web application vulnerabilities, including XSS.
5. Educate content editors and administrators about the risks of injecting untrusted content and enforce least privilege principles.
6. Use web application firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting AEM.
7. Review and harden AEM configurations to disable or restrict features that allow arbitrary HTML or script input where possible.
8. Implement multi-factor authentication (MFA) to reduce the risk of session hijacking consequences.
9. Monitor logs and user activity for suspicious behavior indicative of exploitation attempts.

These measures, combined, will reduce the attack surface and mitigate potential exploitation until patches are deployed.
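Recommendations 2, 3 and 9 above (output encoding, CSP, and monitoring stored values) can be illustrated in a small self-contained script. The Python below is an added example written for this page; it is not Adobe code and does not use any AEM API. The `FormSubmission` record, the sample field values, and all function names are constructed for the illustration. It shows the vulnerable pattern (a stored field value concatenated straight into HTML) next to the hardened one (HTML-entity encoding at output time), a nonce-based CSP header that limits what an injected script could do even if encoding were missed, and a simple check a defender could run over stored form data to flag values that contain markup.

```python
import html
import re
from dataclasses import dataclass


@dataclass
class FormSubmission:
    """A stored form record as it might sit in a content repository (constructed)."""
    name: str
    comment: str


# Constructed sample: a submission whose fields hold markup instead of plain text.
SAMPLE = FormSubmission(name='Alice "Al" <Admin>', comment="<script>alert('x')</script>")


def render_unsafe(sub: FormSubmission) -> str:
    """Vulnerable pattern (CWE-79): stored values are interpolated into HTML unchanged,
    so whatever a low-privileged submitter stored is parsed as markup by every viewer."""
    return f'<div class="comment" data-author="{sub.name}"><p>{sub.comment}</p></div>'


def render_safe(sub: FormSubmission) -> str:
    """Hardened pattern: entity-encode every untrusted value at output time.
    quote=True also encodes quotes, which is what makes the value safe inside an
    attribute such as data-author, not only inside element text."""
    name = html.escape(sub.name, quote=True)
    comment = html.escape(sub.comment, quote=True)
    return f'<div class="comment" data-author="{name}"><p>{comment}</p></div>'


def csp_header(nonce: str) -> dict:
    """Defence in depth: a Content-Security-Policy that only runs scripts carrying the
    per-response nonce. Inline script injected into a stored field has no nonce, so
    a CSP-enforcing browser refuses to execute it even if encoding was missed."""
    policy = (
        "default-src 'self'; "
        f"script-src 'nonce-{nonce}'; "
        "object-src 'none'; "
        "base-uri 'self'"
    )
    return {"Content-Security-Policy": policy}


# Tag-like pattern: '<', optional whitespace/slash, then a letter (so "1 < 2" is not flagged).
_TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")


def contains_markup(value: str) -> bool:
    """Monitoring helper: flag stored field values that contain tag-like markup.
    Useful for auditing existing form data for suspicious entries."""
    return bool(_TAG_RE.search(value))


def audit(submissions: list) -> list:
    """Return the submissions whose name or comment contains markup."""
    return [s for s in submissions if contains_markup(s.name) or contains_markup(s.comment)]


if __name__ == "__main__":
    print("unsafe:", render_unsafe(SAMPLE))
    print("safe:  ", render_safe(SAMPLE))
    print("csp:   ", csp_header("example-nonce"))
    print("flagged:", audit([SAMPLE, FormSubmission("Bob", "plain text, 1 < 2")]))
```

The encoding step belongs at the point of output, in the template or rendering layer, because the same stored value may be emitted in several HTML contexts; the CSP is a second layer and does not replace it. The nonce must be freshly generated per response and must never be derivable by a submitter.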
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: adobe
- Date Reserved: 2025-11-05T22:53:10.941Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6939bdacfe7b3954b690bb3d
Added to database: 12/10/2025, 6:36:28 PM
Last enriched: 12/10/2025, 7:18:08 PM
Last updated: 12/11/2025, 7:17:46 AM
Views: 4