CVE-2025-49552 HIGH

CVE-2025-49552: Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)

Vendor Adobe
Product Adobe Connect
Weakness CWE-79 · XSS
Published October 14, 2025
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-22794 WordPress World Cup Predictor Plugin <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-27242 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-47341 WordPress WP-DownloadManager plugin <= 1.68.8 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-26110 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-33640 WordPress Pretty Google Calendar plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability