CVE-2025-64539 (CRITICAL) CVSS 9.3
🔴 Severity: CRITICAL (CVSS 9.3)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim’s browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page.
Published: 2025-12-10
Last Modified: 2025-12-12 ⚠️
References: