CVE-2025-47003 in Experience Managerinfo

Summary

by MITRE • 06/11/2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 06/16/2025

Adobe Experience Manager versions 6.5.22 and earlier contain a critical stored cross-site scripting vulnerability that represents a significant security risk for organizations relying on this content management platform. This vulnerability falls under the CWE-79 category of Cross-Site Scripting, specifically classified as a stored XSS flaw that allows attackers to inject malicious scripts into form fields that are subsequently stored and executed when other users view the affected content. The vulnerability exists due to insufficient input validation and output encoding mechanisms within the form processing components of the AEM platform, creating an attack surface where malicious actors can persist their payloads within the application's data store.

The operational impact of this vulnerability extends beyond simple script execution as it provides attackers with a persistent foothold within the affected environment. Low privileged attackers who can submit data through vulnerable forms can craft malicious payloads that will execute whenever legitimate users access pages containing the stored script. This creates a vector for session hijacking, credential theft, and further exploitation of the compromised user's browser context. The vulnerability aligns with ATT&CK technique T1531 for Establishing Persistence and T1566 for Phishing, as attackers can use the stored scripts to redirect users to malicious sites or steal session cookies. The attack chain typically involves initial access through form submission, followed by script execution in victim browsers, potentially leading to full compromise of user sessions and access to sensitive organizational data.

Organizations utilizing Adobe Experience Manager versions 6.5.22 or earlier must implement immediate mitigations to protect their environments from exploitation attempts. The primary defense mechanism involves implementing robust input validation and output encoding across all form fields and user input points within the AEM platform. This includes implementing Content Security Policy headers, employing proper HTML escaping for all dynamic content, and validating all user-supplied input against strict whitelists. Organizations should also consider implementing Web Application Firewall rules to detect and block common XSS payload patterns, though this should not replace proper input validation. The recommended long-term solution involves upgrading to Adobe Experience Manager versions 6.5.23 or later, which contain the necessary patches to address this vulnerability. Additionally, implementing regular security testing including automated scanning and manual penetration testing can help identify similar vulnerabilities in other components of the AEM platform, ensuring comprehensive protection against evolving threat vectors.

Responsible

Adobe

Reservation

04/30/2025

Disclosure

06/11/2025

Moderation

accepted

CPE

ready

EPSS

0.00279

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!