CVE-2025-46988: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-46988. The vulnerability was discovered and reported to Adobe Systems Incorporated, with the CVE ID being assigned on April 30, 2025. This security issue affects both standard installations and AEM Cloud Service versions prior to 2025.5.0 (CVE MITRE, NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction (NVD).

When exploited, this vulnerability allows malicious JavaScript execution in victims' browsers when they access pages containing compromised form fields. The impact is characterized by low confidentiality and integrity breaches, with no impact on availability (NVD).

Adobe has addressed this vulnerability in versions after 6.5.22 for standard installations and after version 2025.5.0 for AEM Cloud Service. Users are advised to update to the latest version to mitigate this security risk (NVD).