CVE-2025-47115: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and reported to Adobe Systems Incorporated, with the CVE identifier CVE-2025-47115 being assigned on April 30, 2025 (CVE Details).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that affects form fields within Adobe Experience Manager. The vulnerability has received a CVSS v3.1 base score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction for successful exploitation (NVD Database).

When exploited, this vulnerability allows attackers to inject malicious scripts into vulnerable form fields. These scripts can then be executed in victims' browsers when they access the page containing the compromised field. The impact is rated as low for both confidentiality and integrity, with no impact on availability (NVD Database).

Adobe has documented this vulnerability in their security bulletin APSB25-48. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.22 (Adobe Advisory).