CVE-2025-30316: 
NixOS vulnerability analysis and mitigation

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-30316. The vulnerability was disclosed on May 13, 2025, and affects the form field functionality within Adobe Connect. This security issue could potentially be exploited by attackers with low privileges to inject malicious scripts into vulnerable form fields (NVD, Wiz).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 Base Score of 5.4 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The weakness is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability requires low attack complexity and low privileges to exploit, though user interaction is required for successful exploitation (NVD, Wiz).

When successfully exploited, the vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to the page containing the vulnerable field. This could lead to unauthorized access to user data and potential manipulation of the application's content (Wiz).

Adobe has released version 12.9 of Adobe Connect to address this vulnerability. Users are strongly advised to update to this latest version to mitigate the security risk (ASEC).