CVE-2025-64850 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM) versions 6.5.23 and earlier. This vulnerability arises from insufficient sanitization of user input in certain form fields, allowing a low-privileged attacker to inject malicious JavaScript code that is stored persistently on the server. When other users access the affected pages containing the injected scripts, the malicious code executes in their browsers. This can lead to theft of sensitive information such as session cookies, user credentials, or manipulation of the displayed content, compromising confidentiality and integrity. The vulnerability requires user interaction (browsing to the infected page) and low privileges to exploit, but does not require the attacker to have administrative access. The CVSS 3.1 score of 5.4 reflects a medium severity, with network attack vector, low attack complexity, and partial impact on confidentiality and integrity but no impact on availability. No public exploits or patches are currently available, indicating the vulnerability is newly disclosed. Adobe Experience Manager is widely used by enterprises for managing digital content and customer experiences, making this vulnerability significant for organizations relying on this platform. The vulnerability’s scope is limited to affected AEM versions, but the potential for widespread impact exists due to the nature of stored XSS and the ability to target multiple users through a single injection.

For European organizations, the impact of CVE-2025-64850 can be significant, especially for those using Adobe Experience Manager as a core component of their digital infrastructure. Exploitation could lead to unauthorized access to user sessions, theft of sensitive data, and potential defacement or manipulation of web content, undermining trust and compliance with data protection regulations such as GDPR. The confidentiality and integrity of user data are at risk, which could result in reputational damage and legal consequences. Since AEM is often used by government agencies, financial institutions, and large enterprises in Europe, the vulnerability could be leveraged for targeted attacks or espionage. The requirement for user interaction limits automated exploitation but does not eliminate risk, particularly in environments with high user traffic. The absence of known exploits currently provides a window for proactive mitigation, but the medium severity score indicates that the threat should not be underestimated.

1. Implement strict input validation and sanitization on all form fields within Adobe Experience Manager to prevent malicious script injection. 2. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 3. Monitor web application logs and user activity for unusual patterns indicative of XSS attempts. 4. Educate users and administrators about the risks of clicking on suspicious links or interacting with untrusted content within AEM-managed sites. 5. Apply any forthcoming patches or updates from Adobe promptly once released. 6. Consider using web application firewalls (WAFs) with rules specifically designed to detect and block XSS payloads targeting AEM. 7. Conduct regular security assessments and penetration testing focusing on input handling and stored XSS vectors. 8. Limit privileges for users who can submit content to reduce the attack surface. 9. Review and harden AEM configurations to minimize exposure of vulnerable components. 10. Establish incident response procedures to quickly address any detected exploitation attempts.