CVE-2025-46883: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-46883. The vulnerability was discovered and disclosed on June 10, 2025. This security flaw affects the form field functionality in AEM installations, potentially compromising web application security (NVD CVE, MITRE CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is characterized by CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that it requires network access, low attack complexity, low privileges, and user interaction (NVD CVE).

When successfully exploited, this vulnerability enables malicious JavaScript execution in victims' browsers when they visit pages containing compromised form fields. The impact is considered moderate, affecting both confidentiality and integrity with low severity, while not impacting system availability (Wiz Analysis).

Adobe has addressed this vulnerability in versions after 6.5.22. Users are strongly advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Advisory).