CVE-2025-64600 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. This vulnerability allows a low-privileged attacker to inject malicious JavaScript code into vulnerable form fields within the AEM interface. When a victim user accesses a page containing the injected script, the malicious code executes in their browser context. The attack exploits improper input sanitization and output encoding in form fields, enabling persistent script injection that remains stored on the server and served to subsequent users. The vulnerability is classified under CWE-79, indicating a classic XSS flaw. The CVSS 3.1 base score is 5.4, with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, meaning the attack can be performed remotely over the network with low attack complexity, requires low privileges, and user interaction is necessary. The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component, potentially impacting other users. The impact includes limited confidentiality and integrity loss, such as theft of session cookies or manipulation of displayed content, but no direct availability impact. No public exploits are known at this time, but the vulnerability poses a moderate risk due to the widespread use of AEM in enterprise content management. The lack of available patches at the time of publication requires organizations to implement interim mitigations.

For European organizations, this vulnerability poses a moderate risk primarily to confidentiality and integrity of web sessions and content managed via Adobe Experience Manager. Attackers exploiting this flaw could hijack user sessions, steal sensitive information, or alter displayed content, potentially damaging organizational reputation and trust. Sectors such as government, finance, healthcare, and media, which often rely on AEM for digital content delivery, are particularly at risk. The vulnerability could facilitate phishing, credential theft, or unauthorized actions performed in the context of legitimate users. Given the cross-site nature, the impact extends to any user accessing the compromised pages, increasing the potential attack surface. Although no availability impact is expected, the indirect consequences of data leakage or content manipulation could lead to regulatory penalties under GDPR if personal data is exposed. The requirement for low privileges and user interaction lowers the barrier for exploitation, making it a credible threat to European enterprises using affected AEM versions.

1. Apply official Adobe patches immediately once released for AEM versions 6.5.23 and earlier to remediate the vulnerability. 2. Until patches are available, implement strict input validation and output encoding on all form fields to prevent script injection. 3. Deploy a robust Content Security Policy (CSP) that restricts the execution of inline scripts and limits sources of executable code. 4. Conduct regular security audits and code reviews focusing on user input handling within AEM components. 5. Monitor web server and application logs for unusual or suspicious input patterns indicative of attempted XSS exploitation. 6. Educate users and administrators about the risks of clicking on suspicious links or interacting with untrusted content within AEM-managed sites. 7. Consider using web application firewalls (WAF) with XSS detection capabilities to block malicious payloads targeting vulnerable endpoints. 8. Limit privileges of users who can submit content to the vulnerable form fields to reduce the risk of malicious input injection. 9. Isolate critical AEM instances and restrict access to trusted networks to minimize exposure. 10. Maintain up-to-date backups and incident response plans to quickly recover from potential compromises.