CVE-2025-46890: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-46890. The vulnerability was discovered and disclosed in June 2025, affecting multiple versions of the AEM platform (NVD, CVE Mitre).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79). It received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The technical assessment indicates that the vulnerability requires low attack complexity and low privileges to exploit, though user interaction is required (NVD, Wiz).

When exploited, this vulnerability allows attackers to inject malicious scripts into vulnerable form fields. When victims browse to pages containing the compromised fields, the malicious JavaScript executes in their browsers, potentially leading to unauthorized data access or manipulation (NVD).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations using affected versions should upgrade to the latest version to mitigate this security risk (Adobe Advisory).