CVE-2025-46982: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier have been identified with a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was disclosed on June 10, 2025, and was assigned the identifier CVE-2025-46982. This security flaw affects multiple versions of Adobe Experience Manager, including the cloud service versions up to 2025.5.0 (NVD CVE, Wiz Report).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has received a CVSS v3.1 Base Score of 5.4 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with impacts on confidentiality and integrity but not availability (NVD CVE).

When exploited, this vulnerability allows malicious JavaScript code execution in a victim's browser when they navigate to a page containing the compromised field. The vulnerability affects both confidentiality and integrity of the system, though it does not impact system availability. The CVSS scoring indicates a moderate severity level, suggesting potential for significant but controlled damage (Wiz Report).

Adobe has addressed this vulnerability in versions after 6.5.22 for standard installations and in version 2025.5.0 for AEM Cloud Service. Users are advised to update to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Advisory).