CVE-2025-47056: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and disclosed on April 30, 2025, with Adobe Systems Incorporated as the assigning CNA. This security flaw affects the form field functionality within AEM installations (MITRE CVE, NVD Database).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that affects form fields within Adobe Experience Manager. The CVSS v3.1 base score is 5.4 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with potential impacts on confidentiality and integrity (NVD Database, Wiz Security).

When exploited, this vulnerability allows malicious JavaScript execution in victims' browsers when they visit pages containing compromised form fields. The impact is characterized by low confidentiality and integrity breaches, with no effect on availability. The cross-site scripting vulnerability could potentially lead to unauthorized data access or manipulation of user sessions (Wiz Security).

Adobe has addressed this vulnerability in versions after 6.5.22. Organizations running affected versions should upgrade to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Security).