CVE-2025-46919 in Experience Managerinfo

Summary

by MITRE • 06/11/2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 06/11/2025

Adobe Experience Manager versions 6.5.22 and earlier contain a critical stored cross-site scripting vulnerability that represents a significant security risk for organizations relying on this content management platform. This vulnerability falls under the CWE-79 category of Cross-Site Scripting, specifically classified as a stored XSS flaw where malicious payloads are permanently stored on the server and executed when victims access the affected pages. The vulnerability manifests when low-privileged attackers exploit form fields within the AEM interface to inject malicious JavaScript code that persists in the system.

The technical exploitation of this vulnerability occurs through the improper sanitization of user input in form fields, allowing attackers to submit malicious scripts that are then stored in the AEM database or content repository. When other users browse to pages containing these vulnerable form fields, the stored JavaScript executes in their browser context, potentially leading to session hijacking, credential theft, or redirection to malicious websites. This stored nature of the vulnerability means that the malicious code remains persistent and can affect multiple users over time, making it particularly dangerous for enterprise environments where content is frequently shared and accessed by numerous users.

The operational impact of this vulnerability extends beyond simple script execution, as it can enable attackers to perform actions with the privileges of the affected users. According to ATT&CK framework, this vulnerability could facilitate initial access and privilege escalation through techniques such as web shell deployment or credential harvesting. Organizations using AEM may experience unauthorized data access, content tampering, or even complete system compromise if attackers leverage this vulnerability to establish persistent access. The low privilege requirement for exploitation makes this vulnerability particularly concerning as it can be exploited by users with minimal permissions, potentially escalating to higher-level attacks.

Mitigation strategies should include immediate patching of AEM instances to versions beyond 6.5.22, implementing robust input validation and output encoding mechanisms, and deploying web application firewalls to detect and block malicious payloads. Organizations should also consider implementing Content Security Policy headers to limit script execution and conduct regular security audits of form fields and user input handling mechanisms. The vulnerability demonstrates the importance of proper input sanitization and the need for comprehensive security testing in enterprise content management systems, particularly those handling user-generated content or form submissions. Security teams should monitor for indicators of compromise related to suspicious form submissions and implement logging mechanisms to detect unauthorized script injection attempts.

Responsible

Adobe

Reservation

04/30/2025

Disclosure

06/11/2025

Moderation

accepted

CPE

ready

EPSS

0.00300

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!