
CVE-2025-64794: Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager

Severity: Medium
Tags: Vulnerability, CVE-2025-64794, cve, cwe-79
Published: Wed Dec 10 2025 (12/10/2025, 18:23:25 UTC)
Source: CVE Database V5
Vendor/Project: Adobe
Product: Adobe Experience Manager

Description

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

AI-Powered Analysis

AI analysis last updated: 12/17/2025, 19:46:41 UTC

Technical Analysis

CVE-2025-64794 is a stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager (AEM), affecting versions 6.5.23 and earlier. Stored XSS arises when an attacker can write script into a web application's persistent data store, here form fields, and that data is later served to other users without proper sanitization or output encoding. In this case a low-privileged attacker can submit JavaScript into vulnerable form fields within AEM; when a victim opens the page containing the injected script, it executes in the victim's browser context. That can enable session hijacking, credential theft, or manipulation of displayed content, affecting the confidentiality and integrity of user data.

The vulnerability has a CVSS 3.1 base score of 5.4 (medium severity): attack vector network (remote exploitation), low attack complexity, low privileges required, and user interaction required to trigger the payload. The scope is changed (S:C), meaning the impact extends beyond the vulnerable component itself, for example to other users' browser sessions. No public exploits or active exploitation campaigns had been reported as of the publication date. Adobe has not yet released a patch, and no direct patch links are available. The weakness is classified under CWE-79, a common and well-understood web application security issue. Given AEM's widespread use in enterprise content management and digital experience platforms, this vulnerability poses a risk to organizations relying on AEM for their web presence and customer interactions.

Potential Impact

For European organizations, the impact of CVE-2025-64794 can be significant, especially for those using Adobe Experience Manager to manage customer-facing websites and digital services. Successful exploitation could allow attackers to execute arbitrary scripts in the browsers of users, potentially leading to theft of sensitive information such as authentication tokens, personal data, or corporate credentials. This can facilitate further attacks like account takeover or data exfiltration. The integrity of displayed content can be compromised, damaging brand reputation and user trust. Although availability is not directly affected, the indirect consequences of data breaches or regulatory non-compliance (e.g., GDPR violations) could result in financial penalties and operational disruptions. The requirement for user interaction limits automated mass exploitation but does not eliminate risk, as phishing or social engineering can be used to lure victims to vulnerable pages. The medium CVSS score reflects a moderate risk level, but the widespread deployment of AEM in sectors such as government, finance, and retail across Europe elevates the potential impact. Organizations with high volumes of web traffic and sensitive user data are particularly at risk.

Mitigation Recommendations

To mitigate CVE-2025-64794, European organizations should implement a multi-layered approach:

1) Apply patches or updates from Adobe as soon as they become available to address the vulnerability directly.
2) In the absence of a patch, implement strict input validation and sanitization on all user-submitted data within AEM forms to prevent malicious script injection.
3) Employ output encoding so that any data rendered in web pages is properly escaped for its context, neutralizing injected scripts.
4) Restrict user privileges to the minimum necessary, limiting the ability of low-privileged users to submit potentially harmful content.
5) Use Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers.
6) Monitor web application logs and user activity for unusual behavior indicative of exploitation attempts.
7) Educate users and administrators about the risks of XSS and the importance of cautious interaction with web content.
8) Consider deploying Web Application Firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting AEM.

These steps combined reduce the attack surface and limit the potential for successful exploitation.
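As an added illustration of items 3 and 5 above (example code written for this page, not Adobe's or AEM's own templating), the following Python renders a stored form-field value raw next to a context-encoded rendering and builds a CSP header that refuses inline script; the field value and the `render_field_*` helpers are constructed for the demonstration.

```python
import html
from urllib.parse import quote

# Constructed sample: a stored form-field value that carries tag and attribute break-out markup.
SAMPLE_FIELD_VALUE = '<img src=x onerror="alert(1)"> " autofocus onfocus=alert(2)'

def encode_html_text(value: str) -> str:
    """Encode for HTML text content between tags: & < > " ' become entities."""
    return html.escape(value, quote=True)

def encode_html_attr(value: str) -> str:
    """Encode for a double-quoted attribute; escaping the quote prevents break-out."""
    return html.escape(value, quote=True)

def encode_url_param(value: str) -> str:
    """Percent-encode for a URL query component so the value cannot reshape the URL."""
    return quote(value, safe="")

def render_field_unsafe(label: str, stored_value: str) -> str:
    """The failure mode behind stored XSS: persisted data interpolated raw into markup."""
    return f'<label>{label}</label><input type="text" value="{stored_value}">'

def render_field_safe(label: str, stored_value: str) -> str:
    """Hardened rendering: each interpolation is encoded for the context it lands in."""
    return (
        f'<label>{encode_html_text(label)}</label>'
        f'<input type="text" value="{encode_html_attr(stored_value)}">'
        f'<a href="/search?q={encode_url_param(stored_value)}">search</a>'
    )

def csp_header() -> tuple[str, str]:
    """Defence in depth: block inline and third-party script even where encoding is missed."""
    policy = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"
    return ("Content-Security-Policy", policy)

def markup_leaked(rendered: str) -> bool:
    """True if a raw tag or an unescaped quote from the stored value survived into the output."""
    return "<img" in rendered or '" autofocus' in rendered

if __name__ == "__main__":
    print(render_field_unsafe("Comment", SAMPLE_FIELD_VALUE))
    print(render_field_safe("Comment", SAMPLE_FIELD_VALUE))
    print(": ".join(csp_header()))
```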


Technical Details

Data Version: 5.2
Assigner Short Name: adobe
Date Reserved: 2025-11-11T22:48:38.824Z
CVSS Version: 3.1
State: PUBLISHED


Added to database: 12/10/2025, 6:36:33 PM

Last enriched: 12/17/2025, 7:46:41 PM

Last updated: 2/7/2026, 10:43:07 AM

