CVE-2025-64789 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. The vulnerability arises from insufficient sanitization of user-supplied input in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is stored persistently on the server. When a victim user accesses the affected page containing the injected payload, the malicious script executes within their browser context. This can lead to unauthorized actions such as session hijacking, theft of sensitive information like cookies or credentials, and manipulation of the web application’s interface. The vulnerability requires the attacker to have some level of privilege to submit data but does not require administrative access, increasing the attack surface. User interaction is necessary as the victim must visit the compromised page for the script to execute. The CVSS v3.1 score of 5.4 reflects a medium severity, with network attack vector, low attack complexity, low privileges required, and user interaction needed. The scope is changed, indicating that the vulnerability affects components beyond the initially vulnerable module. No patches were listed at the time of publication, and no known exploits have been reported in the wild, but the potential for exploitation exists given the widespread use of AEM in enterprise content management. The vulnerability is classified under CWE-79, a common and well-understood class of web application security issues. Given AEM’s role in managing digital content and user interactions, exploitation could undermine trust, compromise user data, and facilitate further attacks within affected organizations.

For European organizations, the impact of this stored XSS vulnerability in Adobe Experience Manager can be significant. AEM is widely used by enterprises, government agencies, and public sector organizations across Europe to manage websites and digital content. Exploitation could lead to session hijacking, allowing attackers to impersonate legitimate users and access sensitive information or perform unauthorized actions. This can result in data breaches, loss of user trust, and potential regulatory penalties under GDPR if personal data is compromised. The integrity of web content could be undermined, damaging organizational reputation. Although availability is not directly affected, the indirect consequences of compromised user accounts and data leakage can disrupt business operations. Attackers could also use the vulnerability as a foothold to launch further attacks within the network. Given the medium severity and requirement for user interaction, the threat is moderate but should not be underestimated, especially in sectors handling sensitive information such as finance, healthcare, and government services.

Organizations should implement a multi-layered mitigation approach. First, monitor Adobe’s official channels for patches addressing CVE-2025-64789 and apply them promptly once available. Until patches are released, implement strict input validation and output encoding on all user-supplied data in AEM forms to prevent malicious script injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS payloads. Conduct regular security audits and penetration testing focused on web application vulnerabilities, particularly XSS. Educate users and administrators about the risks of clicking on suspicious links or submitting untrusted content. Limit privileges for users who can submit content to the minimum necessary to reduce the attack surface. Additionally, consider deploying web application firewalls (WAFs) with rules tailored to detect and block XSS attempts targeting AEM. Maintain comprehensive logging and monitoring to detect anomalous activities that may indicate exploitation attempts.