CVE-2025-46911: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and disclosed on June 10, 2025, with initial analysis completed by NIST on June 12, 2025. This security issue affects the form fields within Adobe Experience Manager installations (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that affects form fields within Adobe Experience Manager. It has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. This scoring indicates network accessibility, low attack complexity, high privileges required, and user interaction required for exploitation (NVD, Wiz).

When exploited, this vulnerability allows high-privileged attackers to inject malicious scripts into vulnerable form fields. When victims browse to pages containing these compromised fields, the malicious JavaScript executes in their browsers, potentially leading to unauthorized data access or manipulation (Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Users are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (NVD).