CVE-2025-47011 in Experience Manager

Summary

by MITRE • 06/11/2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.


Analysis

by VulDB Data Team • 06/16/2025

Adobe Experience Manager versions 6.5.22 and earlier contain a stored cross-site scripting vulnerability that poses a significant risk to organizations relying on this content management platform. The flaw is classified under CWE-79 (Cross-Site Scripting), specifically as stored XSS: an attacker injects a malicious script into a form field, and the value persists on the server. The root cause is inadequate input validation and output encoding in the AEM form processing components, which do not properly sanitize user-supplied data before rendering it back to other users. An attacker with low-privilege access can exploit the weakness by submitting a malicious payload through a form field that is subsequently stored in the system's database or content repository.

The operational impact goes beyond simple script execution: the attacker gains the ability to hijack user sessions, steal sensitive information, perform unauthorized actions on behalf of victims, and potentially escalate privileges within the AEM environment. When a victim browses to a page containing the compromised form field, the browser executes the injected JavaScript, which can establish persistent connections to attacker-controlled servers, exfiltrate cookies and session tokens, or redirect the user to malicious websites. Because the payload is stored, the malicious script remains active until it is removed from the system, creating a persistent threat vector that can affect many users over an extended period. The vulnerability maps to the MITRE ATT&CK techniques T1531 (Account Access Removal) and T1059.007 (Command and Scripting Interpreter: JavaScript), since the executed script can be used to establish further footholds within the compromised environment.

Organizations running affected Adobe Experience Manager versions should implement immediate mitigations: comprehensive input validation, context-aware output encoding, and Content Security Policy enforcement to prevent script injection. The recommended approach is to configure proper sanitization routines for all user input fields, enforce strict content type restrictions, and deploy a web application firewall with XSS detection capabilities. Organizations should also conduct a thorough security assessment of all form-based components in their AEM installations and ensure that privilege levels are restricted appropriately to limit the attack surface. Adobe has released patches addressing this vulnerability in later versions of the software, so affected organizations should upgrade promptly. The vulnerability demonstrates the critical importance of input sanitization in web applications and aligns with the security best practices outlined in the OWASP Top Ten Project, specifically those addressing the risks of insufficient logging and monitoring of security events. Organizations should also consider automated vulnerability scanning tools that can detect similar stored XSS patterns in their web applications, so that the same issue is not repeated in other components of their digital infrastructure.
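To make the mechanism and the mitigations concrete, the following is an added example written for this page in Node.js; it is not code from Adobe, AEM or VulDB. It renders a stored form-field value both unencoded (the weak pattern) and HTML-encoded at output time (the hardened pattern), builds a Content-Security-Policy header as a second layer that blocks inline script even if encoding is missed somewhere, and runs a coarse triage check over a set of stored submissions so an operator can find values that look like markup before they are rendered to users. The field names, stored values, the nonce and the `/csp-report` endpoint path are constructed assumptions; AEM itself renders through HTL and Sling, whose own encoding contexts are not modelled here.

```javascript
// Added example (not Adobe's, AEM's or VulDB's code). Demonstrates output
// encoding, a defence-in-depth CSP header, and a triage scan of stored values.
// All field names, values, the nonce and the report endpoint are constructed.

const CHARS_TO_ESCAPE = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
};

// Encode a value for insertion into HTML element content or a quoted
// attribute. This is the output-encoding step the vulnerable components skip.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'/]/g, (ch) => CHARS_TO_ESCAPE[ch]);
}

// Weak pattern: the stored value is concatenated straight into markup, so any
// tag or script inside it becomes part of the page for every viewer.
function renderFieldVulnerable(label, storedValue) {
  return `<div class="field"><span>${label}</span>: <span>${storedValue}</span></div>`;
}

// Hardened pattern: every untrusted value is encoded for the HTML context at
// the moment it is rendered, regardless of what was validated on input.
function renderFieldSafe(label, storedValue) {
  return `<div class="field"><span>${escapeHtml(label)}</span>: <span>${escapeHtml(storedValue)}</span></div>`;
}

// Defence in depth: a CSP that forbids inline script unless it carries the
// per-response nonce, limits script sources to the site's own origin, and
// reports violations. The report endpoint path is a hypothetical placeholder.
function buildCspHeader(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'self'",
    'report-uri /csp-report', // hypothetical endpoint
  ].join('; ');
}

// Detection side: a coarse heuristic to surface stored submissions whose
// values contain script tags, event-handler attributes or javascript: URLs.
// It is a triage aid for review, not a sanitizer; encoding stays mandatory.
const SUSPICIOUS = /<\s*script|javascript:|\bon[a-z]+\s*=|<\s*iframe/i;

function findSuspiciousSubmissions(submissions) {
  return submissions
    .filter((s) => SUSPICIOUS.test(s.value))
    .map((s) => ({ id: s.id, field: s.field }));
}

// Constructed sample data: three stored submissions, one carrying a script tag.
const SAMPLE_SUBMISSIONS = [
  { id: 1, field: 'comment', value: 'Great article, thanks!' },
  { id: 2, field: 'comment', value: '<script>alert(1)</script>' },
  { id: 3, field: 'name', value: "O'Brien & Sons" },
];

function demo() {
  for (const s of SAMPLE_SUBMISSIONS) {
    console.log('vulnerable:', renderFieldVulnerable(s.field, s.value));
    console.log('safe:      ', renderFieldSafe(s.field, s.value));
  }
  console.log('CSP:', buildCspHeader('r4nd0m'));
  console.log('flagged for review:', findSuspiciousSubmissions(SAMPLE_SUBMISSIONS));
}

demo();
```

Running it shows the second submission's script tag surviving intact in the vulnerable rendering and appearing as literal `&lt;script&gt;` text in the safe one, while the triage scan flags only that submission; the third value demonstrates that legitimate apostrophes and ampersands are encoded rather than rejected, which is why output encoding is preferred over input blocking for free-text fields.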

Responsible: Adobe

Reservation: 04/30/2025

Disclosure: 06/11/2025

Moderation: accepted

CPE: ready

EPSS: 0.00279

KEV: no

Activities: very low

Sources
