CVE-2025-43567Cross-site Scripting in Adobe Connect

CWE-79Cross-site Scripting3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
0.8%
top 26.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe ConnectAdobe Connect
Timeline
PublishedMay 13

Description

Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.8

Affected Packages2 packages

NVDadobe/connect< 12.9
CVEListV5adobe/adobe_connect12.8

🔴Vulnerability Details

2
GHSA
GHSA-83gr-8r63-wvr9: Adobe Connect versions 122025-05-13
CVEList
Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)2025-05-13
CVE-2025-43567 — Cross-site Scripting in Adobe Connect | cvebase