CVE-2025-46899: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-46899. The vulnerability was discovered and published to the CVE List on June 10, 2025. This security issue affects the form fields within the Adobe Experience Manager platform, potentially allowing malicious script injection by attackers with low privileges (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79). It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates network accessibility, low attack complexity, required low privileges, and necessary user interaction for successful exploitation (NVD, Wiz).

When exploited, the vulnerability enables malicious JavaScript execution in a victim's browser when they navigate to a page containing the compromised field. This could potentially lead to unauthorized data access and manipulation of user sessions (Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Users are strongly advised to upgrade to the latest version of Adobe Experience Manager to mitigate this security risk (Wiz).