CVE-2025-64791 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. The vulnerability arises from insufficient sanitization of user-supplied input in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is stored persistently on the server. When other users visit the affected pages containing these vulnerable fields, the malicious script executes in their browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS 3.1 base score is 5.4, with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, meaning the attack can be launched remotely over the network with low attack complexity and requires low privileges and user interaction. The scope is changed, indicating that the vulnerability affects resources beyond the initially vulnerable component. Although no known exploits are currently reported in the wild, the presence of stored XSS in a widely used enterprise content management system like AEM poses a significant risk, especially in environments where multiple users access the same content. The lack of available patches at the time of publication necessitates immediate attention to mitigation strategies.

For European organizations, this vulnerability can lead to unauthorized disclosure of sensitive information, such as session cookies or personal data, through malicious script execution in user browsers. It can also compromise data integrity by enabling attackers to manipulate web page content or perform actions on behalf of authenticated users. Given that Adobe Experience Manager is widely used by enterprises, government agencies, and media companies across Europe for digital content delivery and customer experience management, exploitation could disrupt business operations and damage reputations. The medium severity rating reflects the need for user interaction and low privileges, which somewhat limits the attack surface but does not eliminate risk. Organizations handling sensitive or regulated data (e.g., GDPR-protected information) face compliance risks if such vulnerabilities are exploited. Additionally, the cross-site scripting could serve as a foothold for further attacks, including phishing or malware distribution, amplifying the impact.

European organizations should implement several specific measures beyond generic advice: 1) Immediately audit all AEM instances to identify vulnerable versions and affected form fields. 2) Apply any available patches from Adobe as soon as they are released; monitor Adobe security advisories closely. 3) Implement strict input validation and output encoding on all user-supplied data fields to neutralize malicious scripts. 4) Restrict access to form submission features to trusted users or roles to reduce the risk of low-privileged attackers injecting scripts. 5) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. 6) Monitor web server and application logs for unusual input patterns or repeated form submissions indicative of exploitation attempts. 7) Educate users about the risks of clicking on suspicious links or interacting with untrusted content within AEM-managed sites. 8) Consider deploying Web Application Firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting AEM. 9) Regularly review and update security configurations and conduct penetration testing focused on XSS vulnerabilities in AEM environments.