CVE-2025-46955 in Experience Managerinfo

Summary

by MITRE • 06/11/2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 06/13/2025

Adobe Experience Manager presents a critical stored cross-site scripting vulnerability in versions 6.5.22 and earlier, where malicious actors with low privilege access can inject persistent JavaScript payloads into form fields. This vulnerability resides in the content management system's handling of user input within web forms, creating a persistent threat vector that can affect any user who views the compromised content. The flaw allows attackers to execute arbitrary JavaScript code in the victim's browser context, potentially leading to session hijacking, credential theft, or further exploitation of the compromised user environment.

The technical implementation of this vulnerability stems from inadequate input validation and output encoding within AEM's form processing mechanisms. When users submit data through web forms, the system fails to properly sanitize or escape special characters that could be interpreted as HTML or JavaScript code. This weakness enables attackers to embed malicious scripts that persist in the database or content repository, making the vulnerability particularly dangerous as it remains active until manually removed. The stored nature of this XSS flaw means that any user who accesses the vulnerable page or form field will automatically execute the injected payload without requiring additional user interaction beyond viewing the content.

The operational impact of this vulnerability extends beyond simple script execution, as it can serve as a foothold for more sophisticated attacks within the AEM environment. Attackers can leverage this vulnerability to steal administrator credentials, manipulate content, or establish persistent backdoors within the CMS infrastructure. The low privilege requirement for exploitation makes this vulnerability particularly concerning for organizations that maintain multiple user roles with varying levels of access control. Security teams must consider that this vulnerability could enable attackers to escalate privileges or access sensitive content management features that are typically restricted to authorized users.

Organizations should implement immediate mitigations including input validation and output encoding controls within AEM's form handling components, as well as regular security audits of content management systems to identify and remediate similar vulnerabilities. The implementation of content security policies and proper sanitization of user inputs aligns with industry standards such as CWE-79 for cross-site scripting prevention and supports ATT&CK technique T1566 for social engineering via malicious content. Regular patching and configuration hardening of AEM instances represents the most effective defense against this vulnerability, while monitoring for anomalous content submissions can help detect exploitation attempts. Organizations should also consider implementing web application firewalls and additional access controls to limit the potential impact of such vulnerabilities within their broader security posture.

Responsible

Adobe

Reservation

04/30/2025

Disclosure

06/11/2025

Moderation

accepted

CPE

ready

EPSS

0.00300

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!