CVE-2025-47049

Published Jun 10, 2025

Last updated a month ago

CVSS medium 6.1

Overview

Description: Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page.
Source: psirt@adobe.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

psirt@adobe.com: CWE-79

Hype score: Not currently trending

🔴 #Adobe Experience Manager, DOM-based XSS, #CVE-2025-47049 (Critical) https://t.co/bAivKnZogN
@dailycve
16 Jun 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15DC0724-7B85-4EC8-B9E6-76DA0F26F6D5",
            "versionEndExcluding": "6.5.23.0"
          },
          {
            "criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A395D75-088D-41C2-BCE6-30CB049798FE",
            "versionEndExcluding": "2025.5.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References