CVE-2025-64847 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. Stored XSS occurs when malicious scripts injected by an attacker are permanently stored on the target server, such as within form fields, and later executed in the browsers of users who access the affected content. In this case, a low-privileged attacker can exploit vulnerable form fields to inject arbitrary JavaScript code. When a victim visits the compromised page, the malicious script executes in their browser context, potentially allowing the attacker to steal session cookies, perform actions on behalf of the user, or manipulate page content. The vulnerability has a CVSS 3.1 base score of 5.4, indicating medium severity. The attack vector is network-based (remote), with low attack complexity, requiring low privileges and user interaction (the victim must visit the malicious page). The scope is changed, meaning the vulnerability affects resources beyond the initially vulnerable component. No patches or exploit code are currently publicly available, and no known exploits in the wild have been reported. However, the risk remains significant due to the widespread use of AEM in enterprise web content management. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation. This vulnerability could be leveraged to compromise confidentiality and integrity by stealing sensitive information or altering web content. Organizations using AEM should monitor for updates and prepare to apply patches promptly. Additional mitigations include input validation, output encoding, and deploying Content Security Policy (CSP) headers to restrict script execution. Regular security assessments and user awareness can further reduce risk.

For European organizations, the impact of CVE-2025-64847 can be significant, especially for those relying on Adobe Experience Manager to deliver public-facing websites or internal portals. Exploitation could lead to theft of session cookies or authentication tokens, enabling attackers to impersonate users and access sensitive data. This compromises confidentiality and integrity of user data and organizational information. Additionally, attackers could manipulate web content to conduct phishing or distribute malware, damaging organizational reputation and trust. While availability is not directly impacted, the indirect effects of compromised user accounts or defaced websites can disrupt business operations. Given the medium CVSS score and requirement for user interaction, the threat is moderate but should not be underestimated. European organizations in sectors such as finance, government, healthcare, and e-commerce, which often use AEM for content management, are particularly at risk. The vulnerability could also be leveraged in targeted attacks against high-value individuals or entities within Europe, increasing the potential impact.

1. Apply official Adobe patches or updates for Adobe Experience Manager as soon as they become available to remediate the vulnerability. 2. Implement strict input validation on all form fields to reject or sanitize potentially malicious input before storage. 3. Employ robust output encoding/escaping techniques when rendering user-supplied content to prevent script execution. 4. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of XSS attacks. 5. Conduct regular security code reviews and penetration testing focused on input handling and XSS vectors within AEM implementations. 6. Educate users and administrators about the risks of XSS and encourage cautious behavior when interacting with web content. 7. Monitor web application logs and user activity for signs of suspicious behavior or exploitation attempts. 8. Consider implementing Web Application Firewalls (WAF) with rules designed to detect and block XSS payloads targeting AEM. 9. Limit privileges of users who can submit content to reduce the risk of malicious input injection. 10. Maintain an incident response plan to quickly address any detected exploitation.