Vulnerability Description
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Connect | < 12.10 |
| Apple | Macos | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-49553?
CVE-2025-49553 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicious scripts in a victim's browser. ...
How severe is CVE-2025-49553?
CVE-2025-49553 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-49553?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Connect, Apple Macos, Microsoft Windows.