=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN699
_____________________________________________________________________

DATE                : 15/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Connect versions prior to
                     12.10.

=====================================================================
https://helpx.adobe.com/security/products/connect/apsb25-70.html
_____________________________________________________________________


Last updated on Oct 14, 2025

Security update available for Adobe Connect  | APSB25-70

Bulletin ID            Date Published           Priority

APSB25-70              October 14, 2025         3

Summary

Adobe has released a security update for Adobe Connect. This update
resolves critical and moderate vulnerabilities that could lead to
arbitrary code execution and security feature bypass.

Adobe is not aware of any exploits in the wild for any of the issues
addressed in these updates.


Affected Product Versions

Product             Version                Platform     
Adobe Connect       12.9 and earlier       Windows and macOS


Solution

Adobe categorizes these updates with the following priority ratings
and recommends users update their installation to the latest
version.

Product          Version    Platform             Priority    Availability

Adobe Connect    12.10      Windows and macOS    3           Release Notes


Vulnerability Details

Vulnerability Category : Cross-site Scripting (DOM-based XSS) (CWE-79)
Vulnerability Impact   : Arbitrary code execution
Severity               : Critical
CVSS base score        : 7.3
CVSS vector            : CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
CVE Number             : CVE-2025-49552

Vulnerability Category : Cross-site Scripting (DOM-based XSS) (CWE-79)
Vulnerability Impact   : Arbitrary code execution
Severity               : Critical
CVSS base score        : 9.3
CVSS vector            : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CVE Number             : CVE-2025-49553

Vulnerability Category : URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)
Vulnerability Impact   : Security feature bypass
Severity               : Moderate
CVSS base score        : 3.1
CVSS vector            : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE Number             : CVE-2025-54196

Adobe would like to thank the following researchers for
reporting these issues and for working with Adobe to help
protect our customers:

    Laish (a_l) -- CVE-2025-49552, CVE-2025-49553, CVE-2025-54196

NOTE: Adobe has a public bug bounty program with HackerOne.
If you are interested in working with Adobe as an external
security researcher, please check out
https://hackerone.com/adobe.


For more information, visit https://helpx.adobe.com/security.html,
or email PSIRT@adobe.com.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




