CVE-2025-46929: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and disclosed to the CVE List on June 10, 2025, with the last modification date being June 13, 2025. This security issue affects Adobe Experience Manager installations and could potentially impact both cloud service and on-premise deployments (NVD, CVE).

The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability requires low attack complexity and low privileges to exploit, but does require user interaction. The scope is changed, with low impacts on both confidentiality and integrity, while having no impact on availability (NVD, Wiz).

When successfully exploited, this vulnerability allows attackers to inject malicious scripts into vulnerable form fields. The primary risk is that malicious JavaScript code can be executed in a victim's browser when they navigate to a page containing the compromised field. This affects both the confidentiality and integrity of the system with low impact, while having no effect on system availability (NVD, Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations are strongly advised to update to the latest version of Adobe Experience Manager to mitigate this security risk (NVD, Vendor Advisory).