CVE-2025-46913: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-46913. The vulnerability was discovered and disclosed on June 10, 2025, affecting both standard AEM installations and AEM Cloud Service versions (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that could be exploited by a high-privileged attacker to inject malicious scripts into vulnerable form fields. The CVSS v3.1 base score is 4.8 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, high privileges required, and user interaction needed for exploitation (NVD).

When successfully exploited, malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. The vulnerability affects the confidentiality and integrity of the system with low impact, while availability is not affected according to the CVSS metrics (NVD, Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (NVD).