CVE-2025-47049
📋 TL;DR
Adobe Experience Manager versions 6.5.22 and earlier contain a DOM-based Cross-Site Scripting vulnerability. An attacker can manipulate the DOM to execute malicious JavaScript in a victim's browser when they visit a specially crafted webpage. This affects all users of vulnerable Adobe Experience Manager instances.
💻 Affected Systems
- Adobe Experience Manager
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as the authenticated user, redirect to malicious sites, or install malware via drive-by downloads.
Likely Case
Session hijacking, credential theft, or defacement of web content through injected scripts.
If Mitigated
Limited impact with proper Content Security Policy (CSP) headers and input validation, though the vulnerability itself remains present.
🎯 Exploit Status
Exploitation requires user interaction (victim must visit malicious page) but doesn't require authentication to the AEM instance.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.5.23 or later
Vendor Advisory: https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html
Restart Required: Yes
Instructions:
1. Download Adobe Experience Manager 6.5.23 or later from Adobe's distribution portal.
2. Follow Adobe's upgrade documentation for your deployment type (on-premise or cloud).
3. Restart all AEM instances after applying the update.
🔧 Temporary Workarounds
Implement Content Security Policy
Add strict CSP headers to prevent execution of unauthorized scripts
Add a 'Content-Security-Policy' header with appropriate directives to the web server configuration
Input Validation Filter
Implement server-side validation of all user inputs
Configure AEM filters to sanitize DOM-manipulating inputs
🧯 If You Can't Patch
- Implement strict Content Security Policy headers with script-src directives
- Use web application firewall rules to block suspicious DOM manipulation patterns
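The CSP workaround and the "If You Can't Patch" item above both depend on the script-src directive actually being strict. As an added example (not part of this advisory or of Adobe's documentation), the Python below parses a Content-Security-Policy header string and flags the settings that make it ineffective against DOM XSS: no script-src or default-src at all, 'unsafe-inline' without a nonce or hash, 'unsafe-eval', and wildcard, scheme-only or data: script sources. The two header strings are constructed for illustration; the nonce value is a placeholder and in a real deployment must be a fresh random value generated per response.

```python
"""Audit a Content-Security-Policy header for settings that undo its XSS protection.

Added example; the header strings below are constructed, not taken from any AEM deployment.
"""
from typing import Dict, List, Optional, Tuple

# script-src governs script execution; when it is absent, browsers fall back to default-src.
SCRIPT_DIRECTIVES = ("script-src", "default-src")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split 'directive src src; directive src' into {directive: [sources]}."""
    policy: Dict[str, List[str]] = {}
    for clause in header.split(";"):
        tokens = clause.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def effective_script_sources(policy: Dict[str, List[str]]) -> Tuple[Optional[str], List[str]]:
    """Return the directive that actually controls scripts and its lower-cased source list."""
    for directive in SCRIPT_DIRECTIVES:
        if directive in policy:
            return directive, [s.lower() for s in policy[directive]]
    return None, []


def audit_csp(header: str) -> List[str]:
    """Return findings that weaken script restrictions; an empty list means none were found."""
    findings: List[str] = []
    directive, sources = effective_script_sources(parse_csp(header))
    if directive is None:
        return ["no script-src or default-src: scripts may load from any origin"]
    has_nonce_or_hash = any(s.startswith("'nonce-") or s.startswith("'sha") for s in sources)
    # With a nonce or hash present, CSP Level 2+ browsers ignore 'unsafe-inline', so only flag it otherwise.
    if "'unsafe-inline'" in sources and not has_nonce_or_hash:
        findings.append(f"{directive}: 'unsafe-inline' lets injected inline scripts run")
    if "'unsafe-eval'" in sources:
        findings.append(f"{directive}: 'unsafe-eval' permits string-to-code sinks such as eval()")
    for source in sources:
        # A bare wildcard, a scheme-only source or data: lets scripts load from arbitrary locations.
        if source == "*" or source in ("http:", "https:", "data:"):
            findings.append(f"{directive}: source '{source}' allows scripts from arbitrary locations")
    return findings


# Constructed examples: a permissive policy next to a strict one (placeholder nonce).
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' *"
STRICT_CSP = ("default-src 'self'; script-src 'self' 'nonce-c0nstructedN0nce'; "
              "object-src 'none'; base-uri 'self'")

if __name__ == "__main__":
    for label, header in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(label, audit_csp(header) or ["no findings"])
```

Run it against the header your dispatcher or web server actually emits (for example captured with `curl -sI`) rather than the one in the configuration file, since an upstream layer may rewrite it; a strict policy should come back with no findings.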
🔍 How to Verify
Check if Vulnerable:
Check the AEM version via CRXDE Lite or the system console. If the version is 6.5.22 or earlier, the system is vulnerable.
Check Version:
curl -s http://aem-host:port/system/console/status-productinfo | grep 'Adobe Experience Manager'
Verify Fix Applied:
Verify that the AEM version is 6.5.23 or later and test that DOM-manipulating inputs are properly sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual JavaScript execution patterns in browser logs
- Suspicious URL parameters containing script tags
Network Indicators:
- Requests with encoded script payloads in query parameters
- Unusual redirect patterns
SIEM Query:
source="aem-access.log" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
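The SIEM query above matches the indicator terms literally, but the network indicators note that payloads arrive percent-encoded in query parameters. As an added example, not part of this advisory, the Python below applies the same four terms to constructed access-log lines after percent-decoding the request URL (repeatedly and bounded, so double-encoded values such as %253C are also unwrapped). The log lines are constructed in Apache combined-log style and are not real AEM traffic.

```python
"""Scan access-log lines for the XSS indicator terms in the SIEM query, after percent-decoding.

Added example; the log lines are constructed and are not real AEM traffic.
"""
import re
from typing import List, Tuple
from urllib.parse import unquote

# Indicator terms from the SIEM query; matched case-insensitively against the decoded URL.
INDICATORS = ("<script>", "javascript:", "onerror=", "onload=")

# Request line in combined-log style: "METHOD URL HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')

# Constructed sample: two benign requests and four carrying plain, encoded or double-encoded terms.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jun/2025:10:01:02 +0000] "GET /content/we-retail/us/en.html HTTP/1.1" 200 5123
203.0.113.11 - - [12/Jun/2025:10:01:05 +0000] "GET /content/we-retail/us/en.html?q=%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 200 5123
203.0.113.12 - - [12/Jun/2025:10:01:09 +0000] "GET /content/search.html?redirect=javascript:void(0) HTTP/1.1" 302 0
203.0.113.13 - - [12/Jun/2025:10:01:12 +0000] "GET /etc.clientlibs/foundation/clientlibs/main.js HTTP/1.1" 200 77120
203.0.113.14 - - [12/Jun/2025:10:01:15 +0000] "GET /content/page.html?img=x%2520onerror%3Dtest HTTP/1.1" 200 4001
203.0.113.15 - - [12/Jun/2025:10:01:20 +0000] "GET /content/page.html?q=%253Cscript%253E HTTP/1.1" 200 4001
"""


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded values such as %253C are unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_indicators(url: str) -> List[str]:
    """Return the indicator terms present in the decoded, lower-cased URL."""
    lowered = decode_fully(url).lower()
    return [term for term in INDICATORS if term in lowered]


def scan_log(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (client_ip, decoded_url, matched_terms) for each request that matches an indicator."""
    hits: List[Tuple[str, str, List[str]]] = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client_ip = line.split(" ", 1)[0]
        url = match.group("url")
        matched = find_indicators(url)
        if matched:
            hits.append((client_ip, decode_fully(url), matched))
    return hits


if __name__ == "__main__":
    for client_ip, url, terms in scan_log(SAMPLE_LOG):
        print(f"{client_ip} {url} -> {', '.join(terms)}")
```

Literal term matching is a starting point, not a complete detection: it will not see other encodings of the same strings, so treat hits as triage input and rely on the version check above for the actual vulnerable/fixed decision.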