CVE-2025-46876: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was initially discovered and reported to Adobe Systems Incorporated, with the CVE record being created on April 30, 2025, and subsequently published to the National Vulnerability Database on June 10, 2025 (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that could be exploited by an attacker with low privileges. It has received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates network accessibility, low attack complexity, required low privileges, necessary user interaction, and potential for both confidentiality and integrity impacts (NVD, Wiz).

When successfully exploited, this vulnerability enables attackers to inject malicious scripts into vulnerable form fields. When users browse to a page containing the compromised field, the malicious JavaScript code executes in their browser, potentially leading to unauthorized data access or manipulation of the user's session (NVD, Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations are strongly advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (NVD).