CVE-2025-46895: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-46895. The vulnerability was discovered and initially reported to Adobe Systems Incorporated, with the CVE record being created on April 30, 2025, and published to the NVD on June 10, 2025 (NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, and required user interaction (NVD, Wiz).

When exploited, this vulnerability allows malicious JavaScript execution in victims' browsers when they access pages containing compromised form fields. The impact is considered medium severity, with potential for information disclosure and limited integrity compromise (NVD, Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Users are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (Vendor Advisory).