CVE-2025-46841: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-46841. The vulnerability was initially discovered and reported to Adobe Systems Incorporated, with the CVE record being created on April 30, 2025 (CVE Details).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) affecting form fields within Adobe Experience Manager. It has received a CVSS v3.1 base score of 5.4 (Medium) with the vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility with low attack complexity, requiring low privileges and user interaction (NVD Database).

When exploited, this vulnerability enables a low-privileged attacker to inject malicious scripts into vulnerable form fields. When victims browse to pages containing the compromised fields, the malicious JavaScript executes in their browsers, potentially leading to unauthorized data access or manipulation (NVD Database).

Adobe has addressed this vulnerability in Experience Manager version 6.5.23.0 and AEM Cloud Service version 2025.5.0. Users are advised to upgrade to these or later versions to mitigate the vulnerability (NVD Database).