CVE-2025-46915: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2025-46915). The vulnerability was discovered and disclosed on June 10, 2025, with initial analysis completed by NIST on June 12, 2025. The affected systems include Adobe Experience Manager up to version 6.5.22 and AEM Cloud Service versions prior to 2025.5.0 (NVD CVE, CVE MITRE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) with a CVSS v3.1 base score of 5.4 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction (NVD CVE).

If exploited, this vulnerability allows malicious JavaScript execution in victims' browsers when they browse to pages containing compromised form fields. The impact is rated as medium severity, with potential for both confidentiality and integrity breaches, though no direct impact on availability has been identified (NVD CVE).

Adobe has addressed this vulnerability in Experience Manager version 6.5.23.0 and AEM Cloud Service version 2025.5.0. Users are advised to update to these or later versions to mitigate the vulnerability (NVD CVE).