CVE-2025-49552: Cross-site Scripting (DOM-based XSS) (CWE-79) in Adobe Adobe Connect
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed.
AI Analysis
Technical Summary
CVE-2025-49552 is a DOM-based XSS vulnerability affecting Adobe Connect versions 12.9 and earlier. It allows an attacker with high privileges to inject and execute malicious scripts in the context of a victim's browser when the victim visits a specially crafted web page. The vulnerability requires user interaction and can result in session takeover, thereby compromising confidentiality and integrity. The CVSS 3.1 base score is 8.1, reflecting high severity with network attack vector, low attack complexity, required privileges at a high level, and user interaction. The vulnerability changes the security scope, indicating impact beyond the vulnerable component. No known exploits in the wild or patch information is currently available.
Potential Impact
The vulnerability enables attackers to execute arbitrary scripts in the victim's browser, potentially leading to session hijacking. This compromises the confidentiality and integrity of user sessions within Adobe Connect. The attack requires user interaction and a high-privileged attacker, but successful exploitation can result in significant security impact. Availability is not affected.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with links and content within Adobe Connect environments, especially from untrusted sources. Monitor Adobe's official channels for updates and patches addressing this vulnerability.
CVE-2025-49552: Cross-site Scripting (DOM-based XSS) (CWE-79) in Adobe Adobe Connect
Description
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-49552 is a DOM-based XSS vulnerability affecting Adobe Connect versions 12.9 and earlier. It allows an attacker with high privileges to inject and execute malicious scripts in the context of a victim's browser when the victim visits a specially crafted web page. The vulnerability requires user interaction and can result in session takeover, thereby compromising confidentiality and integrity. The CVSS 3.1 base score is 8.1, reflecting high severity with network attack vector, low attack complexity, required privileges at a high level, and user interaction. The vulnerability changes the security scope, indicating impact beyond the vulnerable component. No known exploits in the wild or patch information is currently available.
Potential Impact
The vulnerability enables attackers to execute arbitrary scripts in the victim's browser, potentially leading to session hijacking. This compromises the confidentiality and integrity of user sessions within Adobe Connect. The attack requires user interaction and a high-privileged attacker, but successful exploitation can result in significant security impact. Availability is not affected.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with links and content within Adobe Connect environments, especially from untrusted sources. Monitor Adobe's official channels for updates and patches addressing this vulnerability.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- adobe
- Date Reserved
- 2025-06-06T15:42:09.517Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68eeccd7eb8be918751956eb
Added to database: 10/14/2025, 10:21:11 PM
Last enriched: 4/29/2026, 10:48:34 AM
Last updated: 5/10/2026, 6:31:04 AM
Views: 253
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.