CVE-2025-46957 in Experience Managerinfo

Summary

by MITRE • 06/11/2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 06/13/2025

Adobe Experience Manager versions 6.5.22 and earlier contain a critical stored cross-site scripting vulnerability that represents a significant security risk for organizations relying on this content management platform. This vulnerability falls under the CWE-79 category of Cross-Site Scripting and specifically manifests as a stored XSS flaw that allows attackers to inject malicious scripts into form fields within the AEM interface. The vulnerability exists due to insufficient input validation and output encoding mechanisms that fail to properly sanitize user-supplied data before it is stored and subsequently rendered back to users. Attackers with low privileged access can exploit this weakness by submitting malicious payloads through form fields that are then stored in the system's database or content repository.

The operational impact of this vulnerability extends beyond simple script execution as it provides attackers with a persistent vector for delivering malicious code to unsuspecting users. When victims browse to pages containing the compromised form fields, their browsers execute the injected JavaScript code within the context of their authenticated sessions. This creates a dangerous scenario where attackers can potentially escalate privileges, steal session cookies, perform unauthorized actions on behalf of users, or redirect victims to malicious websites. The stored nature of this vulnerability means that the malicious payload remains active even after the initial injection, making it particularly dangerous for long-term persistence. According to ATT&CK framework, this vulnerability maps to T1566.001 (Phishing) and T1059.007 (Scripting) techniques, as attackers can leverage it to deliver malicious scripts and establish persistent access through user interaction.

Organizations using affected AEM versions face substantial risk of data breaches and unauthorized access to their digital assets. The vulnerability can be exploited to compromise user sessions, access sensitive content, or manipulate the content management interface itself. Mitigation strategies should include immediate patching of affected systems to the latest AEM versions that contain the necessary security fixes. Additionally, administrators should implement strict input validation controls, enhance output encoding mechanisms, and deploy web application firewalls to detect and block malicious script injection attempts. Regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in the broader application ecosystem. The fix addresses the root cause by implementing proper sanitization of user inputs and ensuring that all stored data is properly escaped before rendering in the browser context, thereby preventing the execution of malicious scripts through the vulnerable form fields.

Responsible

Adobe

Reservation

04/30/2025

Disclosure

06/11/2025

Moderation

accepted

CPE

ready

EPSS

0.00275

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!