CVE-2025-46856: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-46856. The vulnerability was disclosed on August 20, 2025, and was assigned a CVSS v3.1 base score of 5.4 (Medium) (NVD, AttackerKB).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) issue (CWE-79). It has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, low privileges required, and user interaction required for successful exploitation (NVD).

If successfully exploited, this vulnerability allows an attacker to execute malicious JavaScript within the context of the victim's browser. The impact is considered moderate with low confidentiality and integrity impacts, while availability is not affected (NVD).

Adobe has addressed this vulnerability in versions after 6.5.22. Users are advised to upgrade to the latest version of Adobe Experience Manager (Adobe Advisory).