CVE-2025-47036: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2025-47036 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. The vulnerability was discovered and disclosed on June 10, 2025, and was assigned by Adobe Systems Incorporated (NVD, Wiz).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that affects form fields in Adobe Experience Manager. It has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction (NVD).

When exploited, this vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields. The injected JavaScript code can be executed in a victim's browser when they browse to the page containing the compromised field, potentially leading to unauthorized data access or manipulation (NVD, Wiz).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations using affected versions of Adobe Experience Manager should upgrade to the latest version to mitigate this security risk (Wiz).