CVE-2025-47005 in Experience Manager

Summary

by MITRE • 06/11/2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.


Analysis

by VulDB Data Team • 06/16/2025

Adobe Experience Manager versions 6.5.22 and earlier contain a critical stored cross-site scripting vulnerability that allows low-privileged attackers to inject JavaScript into form fields whose values persist on the server. The flaw lies in the content management system's handling of user input in form elements: insufficient sanitization means the stored script executes when a victim views a page containing the compromised data. Attackers with minimal privileges can thus place content that is rendered in other users' browser context, creating a persistent threat to user sessions and data confidentiality.

The vulnerability stems from inadequate input validation and output encoding in the AEM form processing pipeline. When users submit data through web forms, the system does not properly sanitize the input before storing it in the repository, so malicious payloads are persisted alongside legitimate content. The stored data becomes executable when rendered in the browser, a classic persistent XSS scenario classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The weakness affects the parts of the AEM content management ecosystem where user-generated content passes through form interfaces, particularly the authoring and editing functionality.

The operational impact goes beyond simple script execution: an attacker can hijack sessions, steal sensitive information, redirect users to malicious sites, or run arbitrary script in the victim's browser context. The low privilege requirement makes the vulnerability particularly dangerous, since users with minimal access rights can exploit it, potentially escalating to full system compromise through chained attacks. Payloads can target various contexts, including user profiles, content submission forms, and administrative interfaces, making this a versatile threat vector. The weakness directly affects the integrity of the content management system and can lead to unauthorized data access, modification, or exfiltration, undermining the security posture of organizations that rely on AEM for digital experience management.

Organizations should mitigate immediately by upgrading to Adobe Experience Manager version 6.5.23 or later, which contains the patch for this vulnerability. Additional protective measures include comprehensive input validation and output encoding, web application firewalls that detect and block malicious payloads, and regular security assessments of form processing components. The remediation strategy should align with ATT&CK technique T1566.001 (Phishing: Spearphishing Attachment), as attackers may use this vulnerability to deliver malicious payloads through compromised forms. Organizations must also establish monitoring to detect unauthorized form modifications and enforce strict access controls that limit user privileges, particularly on content submission interfaces. Security teams should review and update incident response procedures to address potential exploitation attempts, and ensure patch management processes are in place so similar vulnerabilities do not arise in other AEM components.
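As an added example (not Adobe's or AEM's code), the following JavaScript contrasts the unsafe render-by-concatenation pattern the analysis describes with HTML output encoding applied at render time, and adds a small scanner a defender can run over stored submissions to surface values that contain markup. The field names and the sample submission are constructed for illustration.

```javascript
// Added example, not AEM code: output encoding for stored form-field values
// (the missing control behind CWE-79) plus a review scanner for stored data.

// Encode a string for safe insertion into an HTML text node or quoted attribute.
function escapeHtml(value) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
  };
  return String(value).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// Vulnerable rendering: the stored value is concatenated straight into markup,
// so any tags a low-privileged submitter stored are interpreted by the browser.
function renderFieldUnsafe(label, storedValue) {
  return `<label>${label}</label><div class="value">${storedValue}</div>`;
}

// Hardened rendering: every untrusted value is encoded when the page is built,
// regardless of whatever validation did or did not happen at submission time.
function renderFieldSafe(label, storedValue) {
  return `<label>${escapeHtml(label)}</label>` +
         `<div class="value">${escapeHtml(storedValue)}</div>`;
}

// Flags stored values containing HTML tags, inline event handlers or
// javascript: URLs. Meant to help review submissions, not to replace encoding.
const MARKUP_RE = /<\s*\/?\s*[a-z][^>]*>|\bon[a-z]+\s*=|javascript\s*:/i;
function findSuspiciousFields(submission) {
  return Object.entries(submission)
    .filter(([, v]) => MARKUP_RE.test(String(v)))
    .map(([k]) => k);
}

// Constructed sample submission (hypothetical field names, not real data).
const sampleSubmission = {
  name: 'Jane Doe',
  comment: '<script>alert(1)</script>',
  website: 'javascript:void(0)',
};

console.log(renderFieldUnsafe('Comment', sampleSubmission.comment)); // tags survive
console.log(renderFieldSafe('Comment', sampleSubmission.comment));   // tags encoded
console.log(findSuspiciousFields(sampleSubmission));                  // fields to review
```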

Responsible: Adobe
Reservation: 04/30/2025
Disclosure: 06/11/2025
Moderation: accepted
CPE: ready
EPSS: 0.00279
KEV: no
Activities: very low
