CVE-2025-47087: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-47087. The vulnerability was initially discovered and disclosed on April 30, 2025, affecting form fields within the Adobe Experience Manager platform (CVE MITRE, NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that affects form fields within Adobe Experience Manager. It has received a CVSS v3.1 base score of 5.4 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction for successful exploitation (NVD, Wiz).

When exploited, this vulnerability allows malicious JavaScript code to be executed in a victim's browser when they access the page containing the compromised form field. The impact is characterized by low confidentiality and integrity breaches, with no impact on availability. The cross-site scripting vulnerability could potentially lead to unauthorized data access and manipulation of web content (NVD, Wiz).

Adobe has addressed this vulnerability in their security advisory. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.22 to mitigate this security risk (Adobe Security Bulletin).