CVE-2025-46974: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-46974. The vulnerability was discovered and reported to Adobe Systems Incorporated, with the CVE ID being assigned on April 30, 2025. This security issue affects the Adobe Experience Manager platform and its form field functionality (CVE Details, NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) and has received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with impacts on confidentiality and integrity but not availability (NVD, Wiz).

When exploited, this vulnerability allows malicious JavaScript execution in victims' browsers when they navigate to pages containing compromised form fields. The impact is considered significant as it affects both the confidentiality and integrity of the system, though it does not impact system availability (NVD, Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Users are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Advisory).