CVE-2025-46882: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was initially discovered and reported to Adobe Systems Incorporated, with the CVE record being created on April 30, 2025 (CVE Details).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) affecting form fields within Adobe Experience Manager. It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, and required user interaction (NVD).

When successfully exploited, this vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields. The injected JavaScript code can be executed in a victim's browser when they navigate to the page containing the compromised field (Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Users are strongly advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (Wiz).