CVE-2025-64605 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. This vulnerability arises from insufficient sanitization of user input in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is stored persistently on the server. When legitimate users access the affected pages, the malicious script executes in their browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability has a CVSS 3.1 base score of 5.4, indicating medium severity. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity but not availability. No patches are currently linked, and no known exploits have been reported in the wild, suggesting the vulnerability is newly disclosed. Adobe Experience Manager is widely used in enterprise content management and digital experience delivery, making this vulnerability significant for organizations relying on AEM for web content. Attackers exploiting this vulnerability could compromise user sessions or manipulate displayed content, undermining trust and potentially leading to further attacks such as phishing or malware distribution.

For European organizations, the impact of CVE-2025-64605 can be substantial, especially for those using Adobe Experience Manager to manage public-facing websites or intranet portals. Successful exploitation can lead to the theft of session cookies, enabling attackers to impersonate users, including administrators, thereby compromising sensitive data and internal systems. The integrity of web content can also be undermined, potentially damaging brand reputation and user trust. While availability is not directly affected, the indirect consequences of data breaches or defacement can disrupt business operations. Given the medium CVSS score and requirement for user interaction, the risk is moderate but non-negligible. Organizations in sectors such as finance, government, and critical infrastructure that rely on AEM for digital services are particularly vulnerable. Additionally, attackers could leverage this vulnerability as a foothold for more advanced persistent threats or lateral movement within networks.

1. Monitor Adobe’s official channels for patches or security updates addressing CVE-2025-64605 and apply them promptly once available. 2. Implement strict input validation and output encoding on all form fields to prevent injection of malicious scripts, using a whitelist approach where possible. 3. Restrict user privileges on content submission forms to the minimum necessary, reducing the risk posed by low-privileged attackers. 4. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. 5. Conduct regular security audits and penetration testing focused on web application vulnerabilities, including stored XSS. 6. Educate users and administrators about the risks of XSS attacks and encourage vigilance against suspicious links or content. 7. Use web application firewalls (WAFs) configured to detect and block common XSS attack patterns targeting AEM. 8. Review and harden session management controls to limit the impact of stolen session tokens. 9. Isolate critical administrative interfaces from public access where feasible to reduce exposure. 10. Maintain comprehensive logging and monitoring to detect anomalous activities indicative of exploitation attempts.