CVE-2025-43567 CRITICAL

CVE-2025-43567: Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)

Vendor Adobe
Product Adobe Connect
Weakness CWE-79 · XSS
Published May 13, 2025
Last update February 26, 2026
View on NVD All CVEs

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
February 26, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-53787 WordPress Random Banner plugin <= 4.2.12 - Cross Site Scripting (XSS) vulnerability CVE-2025-64614 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-48291 WordPress Contest Gallery <= 26.0.6 - Cross Site Scripting (XSS) Vulnerability CVE-2025-41102 Multiple vulnerabilities in Fairsketch's RISE CRM Framework CVE-2026-1923 Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id