CVE-2025-64790 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. This vulnerability arises from insufficient sanitization of user-supplied input in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is stored persistently on the server. When other users access the affected pages containing the injected scripts, the malicious code executes in their browsers within the security context of the vulnerable AEM instance. This can lead to unauthorized actions such as session hijacking, credential theft, or manipulation of displayed content, impacting confidentiality and integrity. The vulnerability requires the attacker to have some level of access to submit input (low privilege) and relies on user interaction to trigger the malicious script execution. The CVSS v3.1 base score is 5.4, indicating medium severity, with vector metrics AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, meaning network attack vector, low attack complexity, low privileges required, user interaction required, scope changed, and partial confidentiality and integrity impact without availability impact. No public exploit code or active exploitation has been reported yet. Adobe has not yet released a patch at the time of this report, so organizations must rely on interim mitigations. This vulnerability is significant because AEM is widely used by enterprises for managing web content and digital experiences, making it a valuable target for attackers aiming to compromise user sessions or deface content.

For European organizations, the impact of CVE-2025-64790 can be substantial, especially for those relying on Adobe Experience Manager for their digital content management and customer-facing portals. Exploitation could lead to theft of user credentials, session tokens, or other sensitive information, potentially enabling further unauthorized access or data breaches. The integrity of web content could be compromised, damaging brand reputation and user trust. Since AEM often hosts critical corporate websites and intranet portals, the vulnerability could disrupt business operations indirectly through reputational harm or regulatory scrutiny under GDPR if personal data is exposed. The requirement for user interaction limits automated exploitation but does not eliminate risk, especially in environments with many users or where attackers can lure victims to vulnerable pages. The medium severity score reflects these factors, but the scope change (S:C) indicates that the vulnerability can affect resources beyond the initially compromised component, increasing potential impact. Organizations in sectors such as finance, government, and media, which heavily use AEM, may face higher risks.

To mitigate CVE-2025-64790, European organizations should implement the following specific measures: 1) Apply input validation and output encoding on all user-supplied data in AEM forms to prevent injection of malicious scripts. 2) Restrict user privileges to the minimum necessary, limiting the ability of low-privileged users to submit content that could be malicious. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4) Monitor web server and application logs for unusual input patterns or repeated attempts to inject scripts. 5) Educate users about the risks of interacting with suspicious links or content within the organization’s web portals. 6) Isolate AEM instances from critical internal networks to reduce lateral movement risk if exploitation occurs. 7) Stay updated with Adobe security advisories and apply patches promptly once available. 8) Consider deploying web application firewalls (WAFs) with rules designed to detect and block XSS payloads targeting AEM. These steps go beyond generic advice by focusing on the specific context of AEM and the nature of the vulnerability.