CVE-2025-64623 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. The vulnerability arises from insufficient sanitization of user input in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is stored on the server and later executed in the browsers of users who access the affected pages. This type of vulnerability is classified under CWE-79 and can lead to the execution of arbitrary scripts in the context of the victim’s browser session. The attack vector is network-based (AV:N), requires low privileges (PR:L), and user interaction (UI:R), with a scope change (S:C) indicating that the vulnerability can affect resources beyond the initially compromised component. The CVSS v3.1 base score is 5.4, reflecting medium severity due to the combination of factors. The impact includes limited confidentiality and integrity loss, such as theft of session cookies, user impersonation, or manipulation of displayed content, but does not affect availability. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly. Adobe Experience Manager is widely used by enterprises for managing digital content and web experiences, making this vulnerability a concern for organizations relying on it for their web infrastructure.

For European organizations, the exploitation of this stored XSS vulnerability could lead to unauthorized access to user sessions, theft of sensitive information, and potential manipulation of web content delivered to end users. This can damage organizational reputation, lead to data breaches involving personal or corporate data, and facilitate further attacks such as phishing or privilege escalation. Since AEM is often used by government agencies, financial institutions, and large enterprises in Europe, the impact could be significant in sectors where trust and data integrity are critical. The vulnerability’s requirement for user interaction and low privileges means attackers could exploit it via social engineering or by targeting less privileged users, increasing the risk of widespread impact if not mitigated. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as threat actors often develop exploits after public disclosure.

1. Apply official Adobe patches or updates as soon as they become available for Adobe Experience Manager versions 6.5.23 and earlier. 2. Implement strict input validation and sanitization on all form fields to prevent injection of malicious scripts. 3. Use output encoding techniques on all user-supplied content before rendering it in web pages to neutralize potential scripts. 4. Restrict access to form fields and administrative interfaces to trusted users only, minimizing the attack surface. 5. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. 6. Monitor web application logs and user activity for unusual behavior indicative of XSS exploitation attempts. 7. Educate users about the risks of interacting with suspicious links or content to reduce successful social engineering. 8. Consider web application firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting AEM environments.