CVE-2025-43567

Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 12.8 and earlier

Description: The issue is a reflected Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to inject malicious scripts into vulnerable form fields. When a victim accesses the page containing the vulnerable field, malicious JavaScript may be executed in their browser. A successful attack can lead to session takeover, increasing the impact on confidentiality and integrity.

Recommendations: For Adobe Connect versions 12.8 and earlier, consider disabling vulnerable form fields until a patch is available to prevent malicious script injection. Restrict access to sensitive areas of the application to minimize the risk of session takeover. Avoid using vulnerable fields in forms until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.