CVE-2025-46884: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-46884. The vulnerability was initially discovered and reported to Adobe Systems Incorporated, with the CVE record created on April 30, 2025, and publicly disclosed on June 10, 2025 (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) affecting form fields within Adobe Experience Manager. It has received a CVSS v3.1 base score of 4.8 (Medium) with the vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires high privileges and user interaction, can be exploited over the network, and has low complexity, with potential impacts on confidentiality and integrity (NVD, Wiz).

When successfully exploited, the vulnerability enables a high-privileged attacker to inject malicious scripts into vulnerable form fields. When victims browse to the page containing the compromised field, malicious JavaScript may be executed in their browsers, potentially leading to unauthorized data access or manipulation (NVD).

Adobe has addressed this vulnerability in versions after 6.5.22. Users are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (Wiz).