CVE-2025-64792 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. Stored XSS occurs when malicious scripts are permanently stored on the target server, such as within form fields, and later executed in the browsers of users who access the affected content. In this case, a low-privileged attacker can inject JavaScript code into vulnerable form fields within AEM, which is then stored and served to other users. When a victim visits the page containing the malicious input, the injected script executes in their browser context, potentially allowing the attacker to steal session cookies, perform actions on behalf of the user, or redirect them to malicious sites. The vulnerability requires the attacker to have at least low privileges to submit malicious input and requires user interaction (visiting the affected page) to trigger the exploit. The CVSS 3.1 base score is 5.4, indicating a medium severity level, with the vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This means the attack is network exploitable, requires low privileges and user interaction, and impacts confidentiality and integrity with a scope change (the vulnerability affects resources beyond the initially vulnerable component). No public exploits or patches have been reported at the time of publication, but the vulnerability is publicly disclosed and should be addressed promptly. Stored XSS vulnerabilities are particularly dangerous in web content management systems like AEM because they can affect many users and lead to widespread compromise if exploited. The vulnerability is tracked under CWE-79, a common and well-understood web security weakness.

For European organizations using Adobe Experience Manager, this vulnerability presents a risk of client-side script injection that can lead to session hijacking, theft of sensitive information, or unauthorized actions performed in the context of authenticated users. Since AEM is widely used for managing digital content and customer-facing portals, exploitation could compromise the confidentiality and integrity of user data and damage organizational reputation. The vulnerability does not directly impact system availability but can facilitate further attacks such as phishing or privilege escalation. Organizations handling sensitive customer data or operating in regulated sectors (e.g., finance, healthcare, government) face increased risk of compliance violations and data breaches. The medium CVSS score reflects that while exploitation is feasible, it requires some user interaction and low privileges, limiting immediate impact but still warranting timely remediation. The scope change in the CVSS vector indicates that the vulnerability can affect components beyond the initially vulnerable module, potentially increasing the attack surface. The absence of known exploits in the wild suggests a window of opportunity to patch before active attacks emerge.

1. Monitor Adobe's official security advisories and apply patches or updates as soon as they become available for AEM versions 6.5.23 and earlier. 2. Implement strict input validation and sanitization on all form fields to prevent injection of malicious scripts. Use server-side validation in addition to client-side checks. 3. Employ robust output encoding (e.g., HTML entity encoding) when rendering user-supplied content to neutralize injected scripts. 4. Configure Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of XSS attacks. 5. Conduct regular security assessments and penetration testing focused on web application vulnerabilities, including XSS. 6. Educate developers and administrators on secure coding practices and the risks associated with stored XSS. 7. Limit user privileges to the minimum necessary to reduce the risk posed by low-privileged attackers. 8. Monitor web application logs and user activity for signs of suspicious input or anomalous behavior that could indicate exploitation attempts. 9. Consider implementing Web Application Firewalls (WAF) with rules designed to detect and block XSS payloads targeting AEM. 10. Review and harden AEM configurations to disable or restrict features that allow untrusted input to be stored and rendered.