Login Sign Up

CVE-2025-64825

5.4 MEDIUM
Cross-Site Scripting

📋 TL;DR

Adobe Experience Manager versions 6.5.23 and earlier contain a stored XSS vulnerability where low-privileged attackers can inject malicious scripts into form fields. When victims browse pages containing these compromised fields, their browsers execute the attacker's JavaScript. This affects organizations using vulnerable AEM instances for content management.

💻 Affected Systems

Products:
  • Adobe Experience Manager
Versions: 6.5.23 and earlier
Operating Systems: All platforms running AEM
Default Config Vulnerable: ⚠️ Yes
Notes: Requires low-privileged attacker access to vulnerable form fields.

📦 What is this software?

Experience Manager by Adobe

View all CVEs affecting Experience Manager →

Experience Manager by Adobe

View all CVEs affecting Experience Manager →

Experience Manager by Adobe

View all CVEs affecting Experience Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or deploy additional malware through client-side attacks.

🟠

Likely Case

Session hijacking, credential theft, or defacement of web content through injected scripts.

🟢

If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated low-privileged access to vulnerable form fields.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.5.24 or later

Vendor Advisory: https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html

Restart Required: Yes

Instructions:

1. Download AEM 6.5.24 or later from Adobe's distribution portal. 2. Follow Adobe's upgrade documentation for your deployment type (author/publish). 3. Apply the update and restart all AEM instances. 4. Verify the update completed successfully.

🔧 Temporary Workarounds

Implement Content Security Policy

all

Add CSP headers to restrict script execution sources

Add to web server configuration: Content-Security-Policy: default-src 'self'; script-src 'self'

Input Validation Rules

all

Add server-side validation for all form fields

Implement input validation in AEM components using Java validation frameworks

🧯 If You Can't Patch

  • Restrict low-privileged user access to content editing capabilities
  • Implement web application firewall (WAF) rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check AEM version via CRXDE Lite or system console. If version is 6.5.23 or earlier, system is vulnerable.

Check Version:

curl -u admin:password http://localhost:4502/system/console/status-productinfo

Verify Fix Applied:

Confirm AEM version is 6.5.24 or later and test form fields for XSS payload acceptance.

📡 Detection & Monitoring

Log Indicators:

  • Unusual content modifications by low-privileged users
  • Script tags in content repository entries

Network Indicators:

  • Suspicious JavaScript payloads in HTTP POST requests to form endpoints

SIEM Query:

source="aem-access.log" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")

📊 Metadata

CVE ID: CVE-2025-64825
CVSS v3 Score: 5.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-79
EPSS Score: 0.04% exploit probability (10.1th percentile)
Published: December 10, 2025
Last Updated: December 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-64825, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)