Rewterz

CVE-2025-4613 – Trend Micro Maximum Security Vulnerability

June 16, 2025
Rewterz

VexTrio Hacks Hundreds of WordPress Sites for TDS Campaign – Active IOCs

June 16, 2025

Multiple Adobe Experience Manager Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-47116 CVSS:5.4

Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2025-47117 CVSS:5.2

Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2025-47096 CVSS:3.5

Adobe Experience Manager versions are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Low privileges are required.

CVE-2025-47113 CVSS:5.4

Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2025-47114 CVSS:5.4

Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2025-47115 CVSS:5.4

Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2025-47088 CVSS:5.4

Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2025-47089 CVSS:5.4

Adobe Experience Manager versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Impact

  • Cross-Site Scripting
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2025-47116
  • CVE-2025-47117
  • CVE-2025-47096
  • CVE-2025-47113
  • CVE-2025-47114
  • CVE-2025-47115
  • CVE-2025-47088
  • CVE-2025-47089

Affected Vendors

  • Adobe

Affected Products

  • Adobe Experience Manager - 6.5.22

Remediation

Refer to the Adobe Security Advisory for patch, upgrade, or suggested workaround information.

Adobe Security Advisory

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.