CVE-2025-46906: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was initially discovered and reported to Adobe Systems Incorporated, with the CVE record being created on April 30, 2025. The vulnerability was publicly disclosed on June 10, 2025 (NVD Database, CVE Details).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) affecting form fields within the Adobe Experience Manager platform. It has been assigned a CVSS v3.1 base score of 5.4 (Medium), with the vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires low privileges and user interaction, with potential impacts on confidentiality and integrity (NVD Database, Wiz Analysis).

When exploited, this vulnerability enables malicious JavaScript execution in a victim's browser when they navigate to a page containing the compromised field. The attack can lead to potential data exposure and manipulation of web content, though it requires user interaction to be successful (NVD Database).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Advisory).