EUVD-2026-22673
GHSA-2xf6-9qjq-vwwm
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
AnalysisAI
Cross-site scripting (XSS) in Adobe Connect versions 12.10 and earlier, including the 2025.3 release line, enables privilege escalation when low-privileged authenticated users trick victims into visiting malicious URLs. The changed scope (CVSS S:C) indicates the vulnerability can affect resources beyond the vulnerable application's security context. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all Adobe Connect deployments in your environment and document current versions; notify users of social engineering risk and advise against clicking unfamiliar links within Connect. Within 7 days: Implement network controls to restrict Adobe Connect access to authorized users only; enable enhanced logging for privilege escalation attempts. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today