DOM-based Cross-Site Scripting Vulnerability in Adobe Connect
CVE-2025-49552

7.3HIGH

Key Information:

Vendor

Adobe
Status
Adobe Connect
Vendor
CVE Published:
14 October 2025

What is CVE-2025-49552?

Adobe Connect versions 12.9 and earlier have a vulnerability that allows a high-privileged attacker to exploit a DOM-based Cross-Site Scripting flaw. This issue could enable the attacker to run malicious scripts in the browser of a victim, contingent upon user interaction. Specifically, victims must visit a specially crafted web page for exploitation to occur. This could lead to session hijacking and potentially compromise confidentiality and integrity.

Affected Version(s)

Adobe Connect 0 <= 12.9

References

https://helpx.adobe.com/security/products/connect/apsb25-...
vendor-advisory

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-49552 : DOM-based Cross-Site Scripting Vulnerability in Adobe Connect