Platform
adobe
Component
adobe-connect
Fixed in
12.8.1
A reflected Cross-Site Scripting (XSS) vulnerability exists in Adobe Connect versions 12.8 and earlier. This flaw allows attackers to inject malicious scripts into vulnerable form fields within the application. Successful exploitation can lead to session hijacking and compromise of sensitive data, impacting user confidentiality and integrity.
The XSS vulnerability in Adobe Connect allows an attacker to inject arbitrary JavaScript code into a victim's browser. This can be achieved by crafting a malicious URL containing the injected script and enticing a user to visit it. Upon visiting the crafted URL, the injected script executes within the user's browser context, effectively allowing the attacker to control the user's session. This can lead to unauthorized access to user accounts, data theft, and potentially further compromise of the system. The high CVSS score reflects the ease of exploitation and the significant impact of successful attacks.
CVE-2025-43567 was publicly disclosed on 2025-05-13. The vulnerability's ease of exploitation and potential for session takeover suggest a medium probability of exploitation (EPSS score likely medium). No public proof-of-concept exploits are currently known, but the XSS nature of the vulnerability makes it likely that exploits will emerge. Refer to the Adobe Security Bulletin for further details.
Exploit Status
EPSS
0.78% (74% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-43567 is to upgrade Adobe Connect to a patched version. Adobe has not yet released a specific fixed version, so monitor Adobe's security advisories for updates. As a temporary workaround, implement strict input validation and output encoding on all user-supplied data within Adobe Connect. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly scan your Adobe Connect installation for vulnerabilities using automated security scanning tools.
Update Adobe Connect to a version later than 12.8. This will resolve the reflected XSS vulnerability. See the Adobe security advisory for more details and specific instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-43567 is a critical Cross-Site Scripting (XSS) vulnerability affecting Adobe Connect versions 0–12.8, allowing attackers to inject malicious scripts.
If you are using Adobe Connect versions 0 through 12.8, you are potentially affected by this vulnerability. Check Adobe's security advisories for confirmation and updates.
Upgrade to a patched version of Adobe Connect as soon as it becomes available. Monitor Adobe's security advisories for updates and implement temporary workarounds like input validation and WAF rules.
While no public exploits are currently known, the vulnerability's nature suggests a potential for exploitation. Monitor security advisories and implement preventative measures.
Refer to the Adobe Security Bulletin for the latest information and updates regarding CVE-2025-43567: [https://www.adobe.com/security/advisories/](https://www.adobe.com/security/advisories/)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.