
CVE-2025-64872: Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager

Severity: Medium
Published: Wed Dec 10 2025 (12/10/2025, 18:22:53 UTC)
Source: CVE Database V5
Vendor/Project: Adobe
Product: Adobe Experience Manager

Description

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

AI-Powered Analysis

Last updated: 12/17/2025, 19:51:44 UTC

Technical Analysis

CVE-2025-64872 is a stored Cross-Site Scripting (XSS) vulnerability identified in Adobe Experience Manager (AEM), specifically affecting versions 6.5.23 and earlier. Stored XSS occurs when malicious scripts are permanently stored on the target server, such as within form fields, and then served to users without proper sanitization. In this case, a high privileged attacker—such as an administrator or content editor with elevated rights—can inject malicious JavaScript code into vulnerable form fields within AEM. When other users browse pages containing these fields, the injected script executes in their browsers, potentially allowing the attacker to steal session cookies, perform actions on behalf of the victim, or manipulate page content. The vulnerability has a CVSS 3.1 base score of 4.8, reflecting medium severity, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), user interaction required (UI:R), and a scope change (S:C). The impact affects confidentiality and integrity to a limited extent but does not affect availability. No public exploits have been reported yet, but the vulnerability is published and should be addressed promptly. The lack of available patches at the time of reporting necessitates interim mitigations. Given AEM's widespread use in enterprise content management, this vulnerability poses a risk to organizations relying on it for web content delivery and internal portals.

Potential Impact

For European organizations, the impact of CVE-2025-64872 can be significant, particularly for those using Adobe Experience Manager to manage public-facing websites or internal portals. Exploitation could lead to unauthorized disclosure of sensitive information such as session tokens or user data, enabling attackers to impersonate users or escalate privileges. This can result in data breaches, defacement of web content, or unauthorized actions performed under the victim's identity, undermining trust and potentially violating data protection regulations like GDPR. Although the vulnerability requires high privileges and user interaction, insider threats or compromised administrative accounts could facilitate exploitation. The scope of affected systems includes any European enterprise or public sector entity using vulnerable AEM versions, especially those in sectors like finance, government, healthcare, and media, where AEM is prevalent. The medium severity score indicates moderate risk, but the potential for chained attacks or targeted exploitation against high-value assets elevates the concern.

Mitigation Recommendations

To mitigate CVE-2025-64872, European organizations should first verify their Adobe Experience Manager version and plan immediate upgrades to a patched version once available. Until patches are released, restrict high privilege access to trusted personnel only and enforce strong authentication and session management controls. Implement rigorous input validation and output encoding on all form fields to prevent script injection. Deploy Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. Monitor logs and user activity for unusual behavior indicative of XSS exploitation attempts. Conduct security awareness training for administrators and users to recognize suspicious content or behavior. Additionally, consider isolating AEM administrative interfaces from public networks and employing web application firewalls (WAFs) with rules tuned to detect and block XSS payloads. Regular security assessments and penetration testing focused on AEM deployments can help identify residual risks.
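As an added illustration of the output-encoding, CSP and monitoring controls recommended above (example code written for this page, not Adobe's or AEM's; the in-memory field store, the field names and the review regex are constructed assumptions), the vulnerable rendering pattern is shown next to its hardened form:

```python
import html
import re

# Constructed in-memory store standing in for a CMS form-field repository.
FIELD_STORE: dict[str, str] = {}


def save_field(field_id: str, value: str) -> None:
    """Store the raw submission; safety must not depend on input validation alone."""
    FIELD_STORE[field_id] = value


def render_unsafe(field_id: str) -> str:
    """Vulnerable pattern: the stored value is concatenated into HTML unchanged,
    so a value containing markup breaks out of the attribute and runs as script."""
    return f'<input name="{field_id}" value="{FIELD_STORE[field_id]}">'


def render_safe(field_id: str) -> str:
    """Hardened pattern: HTML attribute encoding at output time.
    html.escape(quote=True) encodes & < > " and ', so the value cannot close the attribute."""
    name = html.escape(field_id, quote=True)
    value = html.escape(FIELD_STORE[field_id], quote=True)
    return f'<input name="{name}" value="{value}">'


def csp_header() -> str:
    """Defense in depth: a Content-Security-Policy that allows only same-origin scripts,
    so inline script injected into a page is blocked by the browser even if encoding was missed."""
    return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"


# Review aid (constructed heuristic): tags, inline event handlers or javascript: URLs
# have no business in a plain-text form field and are worth a human look.
MARKUP = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


def flag_suspicious_fields() -> list[str]:
    """Return the ids of stored fields whose content looks like markup, for manual review."""
    return sorted(fid for fid, value in FIELD_STORE.items() if MARKUP.search(value))


if __name__ == "__main__":
    save_field("f1", '"><script>alert(1)</script>')  # constructed test input
    save_field("f2", "plain text")
    print(render_unsafe("f1"))  # attribute is closed and a <script> element is emitted
    print(render_safe("f1"))    # same value, now inert: &quot;&gt;&lt;script&gt;...
    print("Content-Security-Policy:", csp_header())
    print("flagged for review:", flag_suspicious_fields())
```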


Technical Details

Data Version: 5.2
Assigner Short Name: adobe
Date Reserved: 2025-11-11T22:48:38.844Z
CVSS Version: 3.1
State: PUBLISHED


Added to database: 12/10/2025, 6:36:40 PM

Last enriched: 12/17/2025, 7:51:44 PM

Last updated: 2/5/2026, 8:15:54 AM
