CVE-2025-49553

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

9.3CRITICAL

EPSS

0.1%

top 75.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Connect Adobe Adobe Connect

Timeline

PublishedOct 14

Latest updateOct 15

Description

Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.8

Affected Packages2 packages

▶NVDadobe/connect< 12.10

▶CVEListV5adobe/adobe_connect12.9

🔴Vulnerability Details

GHSA

GHSA-8vp7-vr5r-qcx9: Adobe Connect versions 12↗2025-10-15

▶

CVEList

Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)↗2025-10-14

▶