CVE-2025-49552: 
NixOS vulnerability analysis and mitigation

Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-49552. The vulnerability was discovered and disclosed on October 14, 2025, affecting Adobe Connect's web-based collaboration platform (NVD, Adobe Advisory).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) issue that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. The vulnerability has received a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N, indicating network accessibility with low attack complexity but requiring high privileges and user interaction (NVD).

A successful exploitation of this vulnerability could lead to session takeover, with high confidentiality and integrity impact. The vulnerability requires user interaction, specifically requiring a victim to navigate to a crafted web page. The scope is changed, indicating that the vulnerability can affect resources beyond the security scope of the vulnerable component (NVD).

Adobe has released version 12.10 to address this vulnerability. Users of affected systems are advised to update to the latest version immediately. The update is available through the standard Adobe update channels (ASEC Advisory).