CVE-2025-64801 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. Stored XSS occurs when malicious script code is permanently stored on a target server, such as within form fields, and later executed in the browsers of users who access the affected content. In this case, a low-privileged attacker can inject arbitrary JavaScript into vulnerable form fields within AEM. When other users visit pages containing these fields, the malicious scripts execute in their browsers, potentially allowing attackers to steal session cookies, perform actions on behalf of users, or redirect users to malicious sites. The vulnerability requires some level of user interaction (browsing to the affected page) and low privilege on the system, but no authentication bypass is indicated. The CVSS v3.1 base score of 5.4 reflects a medium severity, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), user interaction required (UI:R), scope changed (S:C), and impacts on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). No public exploits have been reported yet, and no patches are currently linked, indicating that organizations should monitor Adobe advisories closely. The vulnerability stems from insufficient input validation and output encoding in form fields, allowing script injection. Given AEM's widespread use in enterprise content management and digital experience platforms, exploitation could lead to data leakage, session hijacking, or unauthorized actions within affected web applications.

For European organizations, this vulnerability poses a risk primarily to confidentiality and integrity of user data and sessions. Attackers exploiting this flaw could steal authentication tokens, enabling unauthorized access to sensitive information or user accounts. This is particularly concerning for organizations handling personal data under GDPR, as exploitation could lead to data breaches and regulatory penalties. The impact on availability is minimal, but the reputational damage and potential financial loss from compromised user trust and regulatory fines could be significant. Organizations using AEM for customer-facing websites, intranets, or digital services are at risk of targeted attacks, especially if they have not applied mitigations or patches. The medium severity score suggests that while exploitation is feasible, it requires some user interaction and privileges, limiting mass exploitation but still posing a serious threat to high-value targets. The absence of known exploits in the wild provides a window for proactive defense.

1. Monitor Adobe security advisories closely and apply official patches or updates as soon as they become available for AEM versions 6.5.23 and earlier. 2. Implement strict input validation on all form fields to reject or sanitize potentially malicious scripts before storage. 3. Employ robust output encoding/escaping techniques when rendering user-supplied content to prevent script execution. 4. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of any injected code. 5. Conduct regular security audits and penetration testing focused on web application input handling and XSS vulnerabilities. 6. Educate developers and administrators on secure coding practices specific to AEM and web applications. 7. Restrict privileges for users who can submit content to minimize the risk from low-privileged attackers. 8. Use web application firewalls (WAFs) with rules tuned to detect and block XSS attack patterns targeting AEM. 9. Monitor logs and user activity for unusual behavior that could indicate exploitation attempts. 10. Consider isolating or sandboxing vulnerable components until patches are applied.