Analysis Summary

CVE-2025-30314 CVSS:6.1

Adobe Connect versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2025-30315 CVSS:6.1

Adobe Connect versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2025-30316 CVSS:5.4

Adobe Connect versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2025-43567 CVSS:9.3

Adobe Connect is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Impact

• Cross-Site Scripting

Indicators of Compromise

CVE

• CVE-2025-30314

• CVE-2025-30315

• CVE-2025-30316

• CVE-2025-43567

Affected Vendors

Affected Products

• Adobe Connect - 12.8

Remediation

Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.

Adobe Security Advisory