CVE-2025-46993: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-46993. The vulnerability was disclosed on July 24, 2025, and was reported by Adobe Systems Incorporated (NVD Database).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that affects form fields within Adobe Experience Manager. The CVSS v3.1 base score is 5.4 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires low privileges to exploit, needs user interaction, and can potentially affect resources beyond the security scope of the affected component (NVD Database).

If exploited, this vulnerability allows low-privileged attackers to inject malicious scripts into vulnerable form fields. When victims browse to pages containing the compromised fields, the malicious JavaScript executes in their browsers, potentially leading to data theft or manipulation of the user's browser session (NVD Database).

Adobe has addressed this vulnerability in versions after 6.5.22. Users are advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (NVD Database).