CVE-2025-64538

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.23 and earlier

Description Adobe Experience Manager is susceptible to a DOM-based Cross-Site Scripting (XSS) issue that may allow for arbitrary code execution. An attacker could leverage this by injecting malicious scripts into a web page, which would then execute within the context of a user's browser. Successful exploitation could lead to session takeover, impacting confidentiality and integrity. Exploitation requires user interaction, specifically a victim visiting a crafted malicious page.

Recommendations Update Adobe Experience Manager to a version later than 6.5.23.