CVE-2025-46927: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and disclosed to the CVE List on June 10, 2025, with the last modification date being June 12, 2025. This security issue is tracked as CVE-2025-46927 (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that could be exploited by a low-privileged attacker. The CVSS v3.1 base score is 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates network accessibility, low attack complexity, required low privileges, user interaction, and potential for both confidentiality and integrity impacts (Wiz, NVD).

If exploited, this vulnerability allows attackers to inject malicious scripts into vulnerable form fields. When victims browse to the page containing the compromised field, the malicious JavaScript code executes in their browser, potentially leading to unauthorized data access or manipulation (NVD, Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations should upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (NVD, Wiz).