CVE-2025-46953: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability (CVE-2025-46953). The vulnerability was discovered and initially reported to Adobe Systems Incorporated, with the CVE record created on April 30, 2025, and publicly disclosed on June 10, 2025 (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) affecting form fields in Adobe Experience Manager. It has received a CVSS v3.1 base score of 5.4 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires network access, has low attack complexity, requires low privileges and user interaction, with impacts to confidentiality and integrity but not availability (NVD).

When successfully exploited, this vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to a page containing the vulnerable field. The attack can lead to unauthorized data access and potential manipulation of web content (Wiz).

Users are advised to upgrade to versions newer than Adobe Experience Manager 6.5.22 to address this vulnerability (Wiz).