CVE-2025-64790 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM), a widely used content management system for building websites and digital experiences. The vulnerability affects versions 6.5.23 and earlier. It allows a low-privileged attacker to inject malicious JavaScript code into vulnerable form fields within the AEM interface. When other users browse pages containing these injected scripts, the malicious code executes in their browsers, potentially leading to session hijacking, data theft, or unauthorized actions performed on behalf of the victim. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4, with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, meaning the attack can be launched remotely over the network with low attack complexity, requires low privileges and user interaction, affects confidentiality and integrity with a scope change, but does not impact availability. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be considered a medium risk. The stored nature of the XSS means that injected scripts persist on the server and affect multiple users, increasing the potential impact compared to reflected XSS. Adobe Experience Manager is commonly used by enterprises and government agencies, making this vulnerability a significant concern for organizations relying on AEM for their web presence.

For European organizations, this vulnerability poses a risk to confidentiality and integrity of sensitive information accessed through Adobe Experience Manager portals. Attackers exploiting this flaw could steal session cookies, enabling unauthorized access to user accounts, or manipulate web content to conduct phishing or spread malware. Since AEM is often used by government bodies, financial institutions, and large enterprises in Europe, the impact could extend to critical services and sensitive data exposure. The requirement for low privileges and user interaction lowers the barrier for exploitation, potentially allowing insider threats or external attackers with limited access to cause harm. The scope change in the CVSS vector indicates that the vulnerability could affect components beyond the initially compromised user, increasing the risk of widespread impact within an organization. Although availability is not affected, the loss of trust and potential regulatory consequences under GDPR for data breaches could be significant. The absence of known exploits in the wild provides a window for proactive defense, but organizations should act swiftly to mitigate risk.

1. Implement strict input validation and sanitization on all form fields within Adobe Experience Manager to prevent injection of malicious scripts. 2. Apply output encoding on all user-supplied data before rendering it in web pages to neutralize potentially harmful content. 3. Restrict user privileges to the minimum necessary, especially for users who can submit or edit content in AEM forms. 4. Deploy Web Application Firewalls (WAFs) with rules tuned to detect and block common XSS payloads targeting AEM. 5. Monitor logs and user activity for unusual behavior indicative of XSS exploitation attempts. 6. Educate users about the risks of clicking on suspicious links or interacting with untrusted content within AEM portals. 7. Prepare for rapid deployment of official patches from Adobe once released, including testing in staging environments. 8. Consider implementing Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers accessing AEM content. 9. Conduct regular security assessments and penetration testing focused on web application vulnerabilities in AEM deployments. 10. Maintain an incident response plan tailored to web application attacks to quickly contain and remediate any exploitation.