CVE-2025-46946: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2025-46946 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.22 and earlier. The vulnerability was discovered and initially recorded on April 30, 2025, and subsequently published to the NVD on June 10, 2025 (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that could be exploited by an attacker with low privileges. It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, user interaction required, and potential for confidentiality and integrity impacts (NVD).

When successfully exploited, this vulnerability enables attackers to inject malicious scripts into vulnerable form fields. When users browse to the page containing the compromised field, the malicious JavaScript code executes in their browsers, potentially leading to unauthorized data access or manipulation of the user's browser session (Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (NVD).