CVE-2025-27203

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

9.6CRITICAL

EPSS

25.2%

top 3.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Connect Adobe Adobe Connect

Timeline

PublishedJul 8

Latest updateJul 9

Description

Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages2 packages

▶NVDadobe/connect< 2025.5.5

▶CVEListV5adobe/adobe_connect24.0

🔴Vulnerability Details

GHSA

GHSA-w9pg-9w7m-8c66: Adobe Connect versions 24↗2025-07-09

▶

CVEList

Adobe Connect | Deserialization of Untrusted Data (CWE-502)↗2025-07-08

▶