CVE-2025-46862: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that was disclosed on June 10, 2025. The vulnerability affects both standard installations and AEM Cloud Service versions up to 2025.5.0 (NVD Database, CVE Database).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) with a CVSS v3.1 Base Score of 5.4 (Medium). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs low privileges (PR:L), and requires user interaction (UI:R). The scope is changed (S:C), with low impacts on confidentiality (C:L) and integrity (I:L), but no impact on availability (A:N) (NVD Database).

If exploited, this vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields. When victims browse to the page containing the vulnerable field, the malicious JavaScript may be executed in their browsers (NVD Database).

Adobe has addressed this vulnerability in versions after 6.5.22 and in AEM Cloud Service versions after 2025.5.0. Users are advised to update to the latest version to mitigate this security risk (NVD Database).