CVE-2025-46888: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-46888. The vulnerability was discovered and disclosed on June 10, 2025. This security flaw could be exploited by attackers with low privileges to inject malicious scripts into vulnerable form fields within the AEM system (NVD, CVE Mitre).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) affecting form fields within Adobe Experience Manager. It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability is network accessible, requires low attack complexity and privileges, and needs user interaction for successful exploitation (Wiz).

When successfully exploited, this vulnerability enables the execution of malicious JavaScript in victims' browsers when they access pages containing compromised form fields. The impact assessment indicates low confidentiality and integrity breaches, with no impact on system availability (Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations are strongly advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (Wiz).