CVE-2025-46957: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability (CVE-2025-46957). The vulnerability was initially assigned on April 30, 2025, and publicly disclosed on June 10, 2025. This security issue affects the form fields within Adobe Experience Manager, potentially exposing users to malicious script execution (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) affecting form fields within Adobe Experience Manager. It has received a CVSS v3.1 Base Score of 5.4 (Medium) with the vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires network access, has low attack complexity, requires low privileges, and needs user interaction for successful exploitation (NVD, Wiz).

When successfully exploited, the vulnerability enables malicious JavaScript execution in a victim's browser when they navigate to a page containing the compromised field. The impact is assessed as medium severity, with potential for limited confidentiality and integrity breaches (Wiz).

Users are advised to upgrade Adobe Experience Manager to versions newer than 6.5.22 to address this vulnerability (NVD).