CVE-2025-47021: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that was discovered and disclosed on June 10, 2025. The vulnerability has been assigned identifier CVE-2025-47021 and could be exploited by attackers with low privileges (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) with a CVSS v3.1 base score of 5.4 (Medium). The vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N indicates network accessibility, low attack complexity, required low privileges, and user interaction requirements (NVD, Wiz).

When successfully exploited, this vulnerability enables attackers to inject malicious scripts into vulnerable form fields within Adobe Experience Manager. When users navigate to pages containing the compromised fields, the malicious JavaScript executes in their browsers, potentially leading to unauthorized data access or manipulation (Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations are strongly advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (Wiz).