27 Open CVEs
1 Exploited
1 KEV
27 Unpatched
11 No Workaround
24 Internet-facing
Why this provider is risky now
This provider has 27 open CVE(s) in the last 30 days. 1 listed in CISA KEV (known exploited). 27 have no vendor patch. 24 affect internet-facing services.
1 KEV | 1 Exploited | 27 Unpatched | 1 Public PoC | 11 No Workaround | 24 Internet-facing
Top Risky CVEs
Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execution in user context via malicious PDF files. Attack requires user interaction to open a crafted document. CVSS 9.6 (Critical) reflects network-deliverable code execution with scope change, though EPSS 0.24% (46th percentile) suggests moderate real-world exploitation probability. No public exploit identified at time of analysis.
Within 24 hours: Inventory all systems running Adobe Acrobat Reader versions 24.001.30356 or 26.001.21367 and earlier; disable PDF opening in email clients and restrict Adobe Reader to trusted document sources only. Within 7 days: Deploy endpoint controls blocking unsigned PDF execution; implement network segmentation isolating systems that require PDF processing; consider temporary use of alternative PDF viewers for non-critical workflows. Within 30 days: Monitor Adobe security advisories for patch release; test patch in isolated environment immediately upon vendor release; deploy patch to all vulnerable systems with priority to users receiving external documents.
Edge exposure
ICT dependency
Active exploitation
No patch available
KEV
PoC
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-1321: Prototype Pollution)
- Third-party ICT: Adobe
- Exploited in the wild (CISA KEV)
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: Adobe (ERP & Business Platforms)
- Known exploited vulnerability (KEV)
- No remediation available
CVSS 8.6 | EPSS 0.2% | Priority 118
Remote code execution in Adobe Connect versions 12.10 and earlier allows unauthenticated attackers to execute arbitrary code through deserialization of untrusted data. The vulnerability achieves scope change, enabling attackers to break out of the application's security context and impact resources beyond the vulnerable component. Despite the 9.6 CVSS score and total technical impact classification, no active exploitation has been confirmed (SSVC: exploitation=none), and CISA has not added this to the KEV catalog. The attack requires low complexity but does require user interaction (CVSS UI:R), constraining automatic exploitation scenarios.
Within 24 hours: Inventory all Adobe Connect deployments and identify systems running version 12.10 or earlier; isolate these systems from sensitive networks if possible and restrict user access to essential personnel only. Within 7 days: Contact Adobe Support to confirm patch availability status and request security guidance; implement network-level controls to restrict Adobe Connect traffic to known trusted sources. Within 30 days: Upgrade to Adobe Connect 12.11 or later (verify vendor release of patched version); if patching is unavailable within 30 days, evaluate migration to alternative collaboration platforms or implement compensating controls (see below).
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-502: Deserialization of Untrusted Data)
- Third-party ICT: Adobe
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- CRITICAL severity
- ICT provider: Adobe (ERP & Business Platforms)
- No remediation available
CVSS 9.6 | EPSS 1.5% | Priority 50
Arbitrary code execution affects Adobe Connect through version 12.10 and 2025.3 via deserialization of untrusted data. Remote attackers can execute code in the victim's security context without authentication but require user interaction (UI:R), with scope change enabling cross-boundary impacts. No active exploitation confirmed (SSVC: exploitation=none), though the CVSS score of 9.3 reflects critical severity due to network attack vector, low complexity, and high confidentiality/integrity impact. Adobe has released security bulletin APSB26-37 addressing this vulnerability.
Within 24 hours: Identify all Adobe Connect instances in your environment and document current versions; immediately review Adobe security bulletin APSB26-37 for interim mitigation guidance. Within 7 days: Implement network-level access controls to restrict Adobe Connect exposure and apply any available security patches released by Adobe as alternatives to vulnerable versions. Within 30 days: Complete migration of all Adobe Connect deployments to patched versions (post-12.10 and post-2025.3 releases) once vendor patches become available, and conduct user awareness training on phishing/social engineering risks targeting this vector.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-502: Deserialization of Untrusted Data)
- Third-party ICT: Adobe
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- CRITICAL severity
- ICT provider: Adobe (ERP & Business Platforms)
- No remediation available
CVSS 9.3 | EPSS 1.4% | Priority 48
Reflected XSS in Adobe Connect 12.10 and earlier enables remote attackers to execute arbitrary JavaScript in victim browsers via malicious URLs. The scope-changed CVSS designation reflects potential cross-domain impact, elevating this to critical severity (9.3). No public exploit identified at time of analysis, though the attack vector is straightforward for reflected XSS patterns. Attack requires user interaction (visiting crafted URL) but no authentication, making it viable for phishing and social engineering campaigns targeting Adobe Connect users.
Within 24 hours: inventory all Adobe Connect deployments and version numbers across the organization; notify end-users to avoid clicking unfamiliar links in emails or messages referencing Adobe Connect meetings. Within 7 days: implement email gateway controls to flag or block suspicious URLs containing Adobe Connect domains; enable browser security headers (CSP, X-Frame-Options) on Adobe Connect instances if configurable. Within 30 days: contact Adobe for upgrade timeline to version 12.11 or later once available; evaluate migration to Adobe Connect cloud-hosted version if patched earlier; implement Web Application Firewall (WAF) rules to filter reflected XSS payloads targeting Adobe Connect endpoints.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- Third-party ICT: Adobe
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- CRITICAL severity
- ICT provider: Adobe (ERP & Business Platforms)
- No remediation available
CVSS 9.3 | EPSS 0.1% | Priority 47
Reflected Cross-Site Scripting in Adobe Connect 12.10 and earlier allows unauthenticated remote attackers to execute malicious JavaScript in victim browsers via crafted URLs, with scope change enabling attacks beyond the vulnerable application's security context. The CVSS 9.3 severity is driven by a network-based attack vector requiring no privileges, changed scope allowing cross-domain impact, and high confidentiality/integrity compromise. No public exploit identified at time of analysis, though the low attack complexity and widespread Adobe Connect deployment in enterprise web conferencing environments elevate real-world risk.
Within 24 hours: Identify all instances of Adobe Connect 12.10 and earlier in production and document current version inventory. Within 7 days: Implement network-level controls restricting Adobe Connect access to known internal IP ranges and require multi-factor authentication for all user sessions; monitor for suspicious URLs and failed session activity. Within 30 days: Contact Adobe for patch availability status and testing timeline; prepare upgrade plan to patched version upon release; consider temporary restriction of external access to Adobe Connect until patch deployment is complete.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- Third-party ICT: Adobe
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- CRITICAL severity
- ICT provider: Adobe (ERP & Business Platforms)
- No remediation available
CVSS 9.3 | EPSS 0.1% | Priority 47
DOM-based Cross-Site Scripting (XSS) in Adobe Connect versions 12.10 and earlier allows unauthenticated remote attackers to execute arbitrary JavaScript in victim browsers with changed scope, enabling cross-origin attacks. Exploitation requires social engineering to lure victims to a malicious webpage. No public exploit identified at time of analysis, with SSVC indicating no current exploitation and EPSS data not provided. The 9.3 CVSS reflects the changed scope (S:C) allowing attacks beyond the vulnerable application's security context, combined with high confidentiality and integrity impact despite requiring user interaction.
Within 24 hours: Inventory all Adobe Connect deployments and versions across the organization; communicate vulnerability details to all Connect administrators. Within 7 days: Evaluate immediate upgrade feasibility to Adobe Connect 12.11 or later when available; if upgrade cannot be completed, implement compensating controls listed below and restrict Connect access to internal networks only. Within 30 days: Complete upgrade to patched Adobe Connect version and verify all instances are running 12.11 or later; conduct security awareness training on social engineering tactics used to distribute malicious links targeting Connect users.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- CRITICAL severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- Third-party ICT: Adobe
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- CRITICAL severity
- ICT provider: Adobe (ERP & Business Platforms)
- No remediation available
CVSS 9.3 | EPSS 0.1% | Priority 47
Cross-site scripting (XSS) in Adobe Connect versions 12.10 and earlier, including the 2025.3 release line, enables privilege escalation when low-privileged authenticated users trick victims into visiting malicious URLs. The changed scope (CVSS S:C) indicates the vulnerability can affect resources beyond the vulnerable application's security context. EPSS data not available; no evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis. Requires user interaction (UI:R) but has low attack complexity (AC:L) and network-based attack vector (AV:N), making social engineering campaigns feasible.
Within 24 hours: Identify all Adobe Connect deployments in your environment and document current versions; notify users of social engineering risk and advise against clicking unfamiliar links within Connect. Within 7 days: Implement network controls to restrict Adobe Connect access to authorized users only; enable enhanced logging for privilege escalation attempts. Within 30 days: Contact Adobe for patch timeline estimates; evaluate alternative conferencing solutions or implement compensating controls such as Web Application Firewalls (WAF) configured to filter malicious URL patterns and restrict authenticated users' ability to inject script content.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-79: Cross-site Scripting (XSS))
- Third-party ICT: Adobe
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: Adobe (ERP & Business Platforms)
- No remediation available
CVSS 8.7 | EPSS 0.0% | Priority 44
Prototype pollution in Adobe Acrobat Reader allows arbitrary code execution when victims open malicious PDF files. Affects Acrobat Reader versions through 26.001.21411, 24.001.30360, and 24.001.30362. Attack requires local file access with user interaction (CVSS AV:L/UI:R) but achieves scope change and full CIA impact (S:C/C:H/I:H/A:H), yielding CVSS 8.6. No public exploit identified at time of analysis. Vendor advisory available from Adobe (APSB26-44). EPSS data not provided; exploitation status limited to user-interaction-dependent local attack vector.
Within 24 hours: inventory all systems running Adobe Acrobat Reader versions 26.001.21411 or earlier, 24.001.30360, or 24.001.30362; restrict end-user opening of PDFs from untrusted sources pending remediation. Within 7 days: monitor Adobe security advisories (APSB26-44) for patch release and testing in isolated environments; communicate patch timeline to end users and management. Within 30 days: deploy vendor-released patch to all affected Acrobat Reader instances; validate deployment across asset inventory and confirm version compliance.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing (CWE-1321: Prototype Pollution)
- Third-party ICT: Adobe
- No patch available
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- HIGH severity
- ICT provider: Adobe (ERP & Business Platforms)
- No remediation available
CVSS 8.6 | EPSS 0.1% | Priority 43
Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier via DLL hijacking/search path manipulation allows local attackers to run malicious code in user context without interaction. CVSS 8.6 severity stems from changed scope and high confidentiality/integrity/availability impact despite local attack vector. No public exploit identified at time of analysis. EPSS data not available for this recent CVE. Vendor patch released per Adobe Security Bulletin APSB26-36.
Within 24 hours: Inventory all systems running Adobe FrameMaker 2022.8 or earlier and isolate high-risk endpoints if patching cannot be completed immediately. Within 7 days: Apply vendor-released patch per Adobe Security Bulletin APSB26-36 to all affected FrameMaker installations; verify patch deployment across the organization. Within 30 days: Conduct post-patch validation testing and review access logs for any suspicious local process execution tied to FrameMaker.
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- Third-party ICT: Adobe
- No patch available
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- HIGH severity
- ICT provider: Adobe (ERP & Business Platforms)
- No remediation available
CVSS 8.6 | EPSS 0.0% | Priority 43
Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged lo
Edge exposure
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- HIGH severity
- Internet-facing technique: rce
- Third-party ICT: Adobe
- No patch available
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- HIGH severity
- ICT provider: Adobe (ERP & Business Platforms)
- No remediation available
CVSS 8.2 | Priority 41
By Exposure
- Internet-facing: 24
- Mgmt / Admin Plane: 0
- Identity / Auth: 0
- Internal only: 3
By Exploitability
- Known exploited: 1
- Public PoC: 1
- High EPSS (>30%): 0
- Remote unauthenticated: 7
- Local only: 15
By Remediation
- Patch available: 0
- No patch: 27
- Workaround available: 16
- No workaround: 11
Affected Services / Product Families
Adobe
27 CVE(s)