CVE-2025-54196: 
NixOS vulnerability analysis and mitigation

Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability, identified as CVE-2025-54196. The vulnerability was discovered and disclosed on October 14, 2025, with Adobe releasing a security update shortly after. This security issue affects Adobe Connect installations on both Windows and macOS operating systems (NVD).

The vulnerability is classified as a URL Redirection to Untrusted Site (CWE-601) issue. According to the CVSS 3.1 scoring, it received a base score of 6.1 (MEDIUM) from NIST NVD with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Adobe Systems assessed it with a score of 3.1 (LOW) with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

An attacker could leverage this vulnerability to redirect users to malicious websites. The exploitation requires user interaction, specifically requiring a victim to click on a crafted link. The vulnerability primarily affects the integrity of the system with low impact, while having no direct impact on system availability (NVD).

Adobe has released version 12.10 as a security update to address this vulnerability. Users of affected systems are advised to update to this latest version to mitigate the risk (ASEC).