Platform: adobe
Component: adobe-connect
Fixed in: 12.9.1
A critical Cross-Site Scripting (XSS) vulnerability (CVE-2025-49553) has been identified in Adobe Connect versions 0 through 12.9. This DOM-based XSS allows attackers to inject malicious scripts into a victim's browser, potentially leading to session hijacking and data compromise. Successful exploitation requires a user to navigate to a specially crafted web page. Adobe has acknowledged the vulnerability and released updates to address the issue.
The impact of CVE-2025-49553 is significant due to the potential for session takeover. An attacker could craft a malicious web page that, when visited by a user, executes arbitrary JavaScript code within the user's browser context. This code could then be used to steal session cookies, impersonate the user, and gain unauthorized access to sensitive data and functionality within Adobe Connect. The scope of this vulnerability is broad, affecting all users who interact with vulnerable versions of Adobe Connect. Because the flaw is DOM-based, the injection occurs in client-side script rather than through a specific server-rendered input field, which potentially broadens the attack surface.
CVE-2025-49553 was publicly disclosed on 2025-10-14. The vulnerability has a CVSS score of 9.3 (Critical), indicating a high probability of exploitation. While no public proof-of-concept (PoC) code has been released as of this writing, the ease of exploiting DOM-based XSS vulnerabilities suggests that PoCs are likely to emerge. Monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns.
Organizations heavily reliant on Adobe Connect for webinars, training sessions, or internal communications are particularly at risk. Users who frequently share links or collaborate within Adobe Connect are also more vulnerable, as they may inadvertently click on malicious links. Environments with weak input validation or insufficient security controls are at heightened risk.
• adobe: Monitor Adobe Connect server logs for unusual JavaScript execution patterns or requests to suspicious URLs.
• generic web: Use a web application firewall (WAF) to detect and block requests containing potentially malicious JavaScript code.
• generic web: Regularly scan Adobe Connect installations for known XSS vulnerabilities using automated vulnerability scanners.
disclosure
Exploit status
EPSS: 0.07% (20th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-49553 is to upgrade Adobe Connect to a patched version. Adobe has released updates to address this vulnerability; consult the official Adobe security advisory for the latest version. As a temporary workaround, consider implementing strict Content Security Policy (CSP) headers to restrict the execution of inline scripts and external resources. Review and sanitize any user-supplied input that is rendered within Adobe Connect to prevent malicious code injection. After upgrading, confirm the fix by attempting to trigger the XSS vulnerability with a known payload and verifying that the script is not executed.
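As an added example (not code from the advisory or from Adobe), the following helpers support the two steps above: comparing a deployed Adobe Connect version against the 12.9.1 fix stated in this page's "Fixed in" field, and checking whether a response's Content-Security-Policy header actually forbids inline script execution, which is what the interim CSP workaround must achieve against DOM-based XSS. It assumes version strings are plain dotted numerics; the sample headers are constructed.

```python
"""Triage helpers for CVE-2025-49553 (added example, not the advisory's code).
Assumes dotted numeric version strings and a fix in 12.9.1 per the advisory."""
import re

FIXED_IN = (12, 9, 1)  # "Fixed in" value from the advisory


def parse_version(text):
    """Turn '12.9' or '12.9.1' into a comparable 3-tuple of ints."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts[:3])
    return nums + (0,) * (3 - len(nums))  # pad so 12.9 compares as 12.9.0


def is_affected(version):
    """Affected per the advisory: any release older than the fixed one."""
    return parse_version(version) < FIXED_IN


def csp_blocks_inline_scripts(header):
    """Verify the interim CSP workaround: inline scripts must be disallowed.
    DOM-based XSS payloads execute as inline script, so a script-src that
    permits 'unsafe-inline' (with no nonce/hash source, which makes browsers
    ignore 'unsafe-inline') leaves the workaround ineffective. Falls back to
    default-src when script-src is absent; no applicable directive means no
    protection."""
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.strip("'").lower() for t in tokens[1:]]
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return False  # nothing governs scripts at all
    if "unsafe-inline" not in sources:
        return True
    # 'unsafe-inline' is ignored by CSP2+ browsers when a nonce or hash is present
    return any(s.startswith(("nonce-", "sha256-", "sha384-", "sha512-")) for s in sources)


def triage(version, csp_header):
    """Summarise exposure: vulnerable build and whether the CSP workaround holds."""
    return {"affected": is_affected(version),
            "csp_workaround": csp_blocks_inline_scripts(csp_header)}


if __name__ == "__main__":
    # Constructed sample: a 12.9 host whose CSP still allows inline script
    print(triage("12.9", "default-src 'self'; script-src 'self' 'unsafe-inline'"))
```

A host reported as affected with the workaround evaluating False is the case to prioritise, since neither the patch nor the interim control is in place.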
Update Adobe Connect to a version later than 12.9 to fix the XSS vulnerability. Consult Adobe's security bulletin for further details and specific upgrade instructions.
CVE-2025-49553 is a critical DOM-based XSS vulnerability affecting Adobe Connect versions 0–12.9, allowing attackers to execute scripts in a victim's browser.
If you are using Adobe Connect versions 0 through 12.9, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
Upgrade Adobe Connect to the latest patched version as recommended by Adobe. Implement Content Security Policy (CSP) as a temporary mitigation.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future attacks.
Refer to the official Adobe Security Bulletin for CVE-2025-49553 on the Adobe Security Advisories website.