A critical vulnerability has been identified in Adobe Connect versions 12.9 and earlier. This flaw, a DOM-based Cross-Site Scripting (XSS) vulnerability, allows an attacker to execute malicious code in a user's web browser, potentially leading to session hijacking, data theft, or unauthorized actions on behalf of the victim.

This is a DOM-based Cross-Site Scripting (XSS) vulnerability. It occurs when the client-side scripts within the Adobe Connect application handle data from an untrusted source (such as a URL fragment) in an unsafe way and write it into the Document Object Model (DOM). An attacker can exploit this by crafting a malicious URL containing a script and tricking a legitimate user into clicking it. When the victim's browser processes the URL, the malicious script is executed within the context of their authenticated session, granting the attacker access to their data and the ability to perform actions as that user.

This vulnerability is rated as critical severity with a CVSS score of 9.3. Successful exploitation could lead to significant business consequences, including the compromise of user accounts, session hijacking, and theft of sensitive data shared within Adobe Connect meetings or content libraries. An attacker could potentially gain unauthorized access to confidential discussions, presentations, and user credentials. This poses a direct risk of data breaches, reputational damage, and loss of trust from clients and partners who rely on the platform for secure communication.

Immediate Action: The primary remediation is to update all affected Adobe Connect instances to the latest secure version as recommended by the vendor. Prioritize patching for internet-facing systems. Concurrently, security teams should actively monitor for signs of exploitation attempts by reviewing web server and application access logs for suspicious URL patterns.

Proactive Monitoring: Implement enhanced monitoring of web server logs, specifically looking for requests containing common XSS payloads, script tags (<script>, onerror, onload), or unusual URL encoding. Utilize endpoint security solutions to detect and alert on abnormal browser process behavior that may indicate successful script execution. Network traffic should be analyzed for unexpected outbound connections from client browsers accessing the Adobe Connect platform.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

• Deploy a Web Application Firewall (WAF) with a robust ruleset configured to detect and block XSS attack patterns.
• Enforce a strict Content Security Policy (CSP) on the web server to limit the sources from which scripts can be executed, thereby preventing the execution of unauthorized attacker-injected scripts.
• Increase user awareness training to educate employees on the dangers of clicking unsolicited or suspicious links.

Public Exploit Available: false

Given the critical CVSS score of 9.3, this vulnerability represents a significant and immediate risk to the organization. The primary recommendation is to patch all affected Adobe Connect systems to the latest version with the utmost urgency. Although this vulnerability is not currently listed in the CISA KEV catalog, its high severity warrants treating it with the same priority as an actively exploited threat. If patching is delayed, the compensating controls outlined above must be implemented immediately to reduce the attack surface.