CVE-2025-64872 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM), specifically affecting versions 6.5.23 and earlier. Stored XSS occurs when malicious scripts are permanently stored on the target server, such as within form fields, and later executed in the browsers of users who access the compromised content. In this case, a high privileged attacker—such as an administrator or content editor with elevated rights—can inject malicious JavaScript code into vulnerable form fields within the AEM environment. When other users browse pages containing these fields, the injected script executes in their browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The vulnerability has a CVSS 3.1 base score of 4.8, indicating medium severity. The vector metrics specify network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), user interaction required (UI:R), scope changed (S:C), and impacts on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). No public exploits or active exploitation have been reported to date. The vulnerability stems from insufficient input sanitization or output encoding in form fields, allowing malicious scripts to be stored and later executed. Adobe Experience Manager is widely used by enterprises and public sector organizations for web content management, making this vulnerability relevant for organizations relying on AEM for their digital presence. The stored XSS can be leveraged for targeted attacks, especially in environments where high privileged users have access to content editing features. Attackers could use this to escalate privileges, steal session cookies, or perform actions impersonating legitimate users.

For European organizations, this vulnerability poses a risk primarily to confidentiality and integrity of user sessions and data within Adobe Experience Manager environments. Organizations using AEM for public-facing websites or intranet portals could see attackers inject malicious scripts that compromise user credentials or session tokens, potentially leading to unauthorized access or data leakage. The requirement for high privileges to inject the script limits the attack surface but does not eliminate risk, especially if internal accounts are compromised or insider threats exist. The scope change in the CVSS vector indicates that the vulnerability can affect resources beyond the initially vulnerable component, potentially impacting multiple users or systems. Given the widespread use of Adobe Experience Manager in government, finance, and large enterprises across Europe, exploitation could disrupt trust in digital services and lead to regulatory compliance issues under GDPR if personal data is exposed. While no known exploits exist currently, the vulnerability could be targeted in spear-phishing or insider attack scenarios. The medium severity rating suggests moderate urgency but should not be ignored, especially in high-value environments.

1. Immediately restrict and audit high privileged accounts in Adobe Experience Manager to reduce the risk of malicious script injection. 2. Implement strict input validation and output encoding on all form fields within AEM to prevent injection of executable scripts. 3. Apply the latest Adobe patches or updates once released; monitor Adobe security advisories for official fixes. 4. Use Web Application Firewalls (WAFs) with custom rules to detect and block suspicious script payloads targeting AEM form fields. 5. Conduct regular security reviews and penetration testing focused on XSS vulnerabilities in AEM deployments. 6. Educate administrators and content editors on the risks of injecting untrusted content and enforce least privilege principles. 7. Monitor logs and user activity for unusual behavior indicative of attempted exploitation or privilege misuse. 8. Consider implementing Content Security Policy (CSP) headers to limit the impact of any injected scripts. 9. Segment AEM environments from critical internal networks to contain potential breaches. 10. Prepare incident response plans specific to web application attacks involving stored XSS.