CVE-2025-46918: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and disclosed on June 10, 2025, with initial analysis completed by NIST on June 12, 2025. This security issue affects the form fields within the Adobe Experience Manager platform (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that affects form fields in Adobe Experience Manager. It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction (NVD, Wiz).

When exploited, this vulnerability allows malicious JavaScript execution in a victim's browser when they browse to a page containing the compromised field. The impact is characterized by low confidentiality and integrity breaches, with no impact on system availability (NVD).

Adobe has addressed this vulnerability in versions after 6.5.22 and AEM Cloud Service versions after 2025.5.0. Users are advised to upgrade to the latest version to mitigate this security risk (NVD).