CVE-2025-46880: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-46880. The vulnerability was discovered and initially reported on April 30, 2025, with the CVE record being published on June 10, 2025 (CVE Details).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) affecting form fields within Adobe Experience Manager. It has received a CVSS v3.1 base score of 5.4 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires low privileges and user interaction for exploitation, with potential impacts on confidentiality and integrity (NVD).

When successfully exploited, this vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields. The injected JavaScript code can then be executed in a victim's browser when they navigate to the page containing the compromised field (Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations using affected versions of Adobe Experience Manager should upgrade to the latest version to mitigate this security risk (NVD).