CVE-2025-47035 in Experience Managerinfo

Summary

by MITRE • 06/11/2025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 06/16/2025

Adobe Experience Manager versions 6.5.22 and earlier contain a stored cross-site scripting vulnerability that represents a significant security risk for organizations relying on this content management platform. This vulnerability falls under the CWE-79 category of Cross-Site Scripting, specifically classified as a stored XSS flaw where malicious payloads persist in the application's database and execute when legitimate users access affected pages. The vulnerability manifests when low privileged attackers exploit form fields within the AEM interface to inject malicious JavaScript code that gets stored and subsequently executed in victims' browsers.

The technical implementation of this vulnerability stems from insufficient input validation and output encoding mechanisms within the AEM form processing components. When users submit data through vulnerable forms, the application fails to properly sanitize or encode the input before storing it in the database. This allows attackers with minimal privileges to inject malicious scripts that can execute in the context of other users' sessions. The stored nature of the vulnerability means that once the malicious payload is injected, it remains persistent and will execute whenever any user views the affected content, regardless of their privileges or authentication status.

The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with the capability to escalate privileges, steal session cookies, perform unauthorized actions on behalf of users, and potentially gain access to sensitive organizational data. Attackers can leverage this vulnerability to conduct session hijacking attacks, redirect users to malicious sites, or harvest sensitive information from authenticated sessions. The low privilege requirement makes this vulnerability particularly dangerous as it can be exploited by users who normally have limited access rights, potentially leading to unauthorized data manipulation or information disclosure. This vulnerability directly aligns with ATT&CK technique T1531 for Access Token Manipulation and T1071.001 for Application Layer Protocol: Web Protocols, as it enables attackers to manipulate web application behavior and access user sessions through browser-based exploits.

Organizations should prioritize immediate mitigation through the application of Adobe's official patches and security updates for AEM versions 6.5.22 and earlier. The recommended approach includes implementing comprehensive input validation mechanisms that sanitize all user-supplied data before storage, enforcing strict output encoding for all dynamic content, and applying proper content security policies to prevent script execution. Additional defensive measures should include regular security assessments of form fields and user input components, implementation of web application firewalls to detect and block malicious payloads, and monitoring for unusual data submission patterns. Organizations should also consider implementing privilege escalation controls and user access reviews to limit the potential impact of compromised accounts. The vulnerability demonstrates the critical importance of secure input handling in web applications and aligns with security frameworks such as OWASP Top Ten and NIST Cybersecurity Framework, particularly in addressing the prevention of injection attacks and the protection of user session integrity.

Responsible

Adobe

Reservation

04/30/2025

Disclosure

06/11/2025

Moderation

accepted

CPE

ready

EPSS

0.00279

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!