CVE-2025-64611 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. Stored XSS occurs when malicious input is permanently stored on the target server, such as in form fields, and later rendered in users' browsers without proper sanitization or encoding. In this case, a low-privileged attacker can inject arbitrary JavaScript code into vulnerable form fields within AEM. When other users access the affected pages, the malicious script executes in their browsers, potentially allowing attackers to steal session cookies, perform actions on behalf of the user, or redirect users to malicious sites. The vulnerability has a CVSS 3.1 base score of 5.4, indicating medium severity. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity partially (C:L, I:L) but not availability (A:N). No public exploits are known at this time, but the vulnerability poses a risk due to the widespread use of AEM in enterprise content management. The lack of available patches at the time of reporting necessitates immediate mitigation efforts to prevent exploitation.

For European organizations, the impact of this vulnerability can be significant, especially for those relying on Adobe Experience Manager for managing digital content and customer experiences. Exploitation could lead to unauthorized disclosure of sensitive information, such as session tokens or personal data, compromising user confidentiality. Attackers could also manipulate content integrity by injecting malicious scripts that alter displayed information or perform unauthorized actions on behalf of users. While availability is not directly impacted, the reputational damage and potential regulatory penalties under GDPR for data breaches could be severe. Organizations in sectors like finance, healthcare, government, and e-commerce, which often use AEM for their web platforms, are particularly at risk. The requirement for user interaction and low privileges lowers the barrier for exploitation, increasing the likelihood of targeted attacks or phishing campaigns leveraging this vulnerability.

To mitigate CVE-2025-64611, organizations should first monitor Adobe's official channels for patches and apply them promptly once available. In the interim, implement strict input validation and output encoding on all form fields within AEM to prevent malicious script injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS payloads. Conduct regular security audits and penetration testing focused on web application vulnerabilities, including XSS. Educate users and administrators about the risks of interacting with suspicious content and ensure that least privilege principles are enforced for user accounts within AEM. Additionally, consider deploying Web Application Firewalls (WAFs) with rules tailored to detect and block XSS attack patterns targeting AEM. Logging and monitoring should be enhanced to detect anomalous activities indicative of exploitation attempts.