CVE-2025-46965: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability (CVE-2025-46965). The vulnerability was discovered and initially disclosed on June 10, 2025. This security flaw affects the form field functionality in Adobe Experience Manager (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that affects form fields within the application. It has received a CVSS v3.1 Base Score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with a changed scope and low impact on confidentiality and integrity (NVD).

When successfully exploited, the vulnerability allows malicious JavaScript execution in a victim's browser when they browse to a page containing the compromised field. The impact is considered medium severity, with potential for both information disclosure and integrity violations through script injection (NVD).

Users should upgrade to versions newer than Adobe Experience Manager 6.5.22 to address this vulnerability. The fix has been confirmed in version 6.5.23.0 for standard installations and version 2025.5.0 for AEM Cloud Service (NVD).