CVE-2025-49552

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

8.1HIGH

EPSS

0.1%

top 76.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Connect Adobe Adobe Connect

Timeline

PublishedOct 14

Latest updateOct 15

Description

Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:NExploitability: 1.0 | Impact: 5.8

Affected Packages2 packages

▶NVDadobe/connect< 12.10

▶CVEListV5adobe/adobe_connect12.9

🔴Vulnerability Details

GHSA

GHSA-8q5q-w44r-4fr9: Adobe Connect versions 12↗2025-10-15

▶

CVEList

Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)↗2025-10-14

▶

📋Vendor Advisories

Microsoft

bpf: Fix combination of jit blinding and pointers to bpf subprogs.↗2025-02-11

▶