Description
Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction in that a victim must click on a crafted link.
Published: 2025-10-14
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe Connect versions 12.9 and earlier contain an Open Redirect vulnerability that allows an attacker to direct a victim to an external, untrusted website. The flaw is triggered by clicking a crafted link, meaning exploitation requires user interaction. Once redirected, the user may be exposed to phishing, drive‑by downloads, or other malicious payloads.

Affected Systems

Products affected are Adobe Connect releases 12.9 and earlier. The vulnerability impacts all supported operating systems where those versions run, including macOS and Windows; however the product version is the primary factor.

Risk and Exploitability

The CVSS score of 4.3 classifies this flaw as low severity. EPSS indicates a very low exploitation probability (<1%). It is not listed in the CISA KEV catalog. Because the attack requires a user click and a malicious URL, the risk is primarily that an attacker could use the redirect in phishing or social‑engineering attacks. Without a direct remote code execution or privilege escalation vector, the impact is limited to user convenience and potential credential theft once the victim follows the redirection.

Generated by OpenCVE AI on May 1, 2026 at 06:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Connect to version 13.0 or later, which removes the open‑redirect flaw.
  • If an upgrade cannot be performed immediately, block or filter outbound redirects to untrusted domains using your web proxy or firewall.
  • Educate users not to click on unexpected links and to verify URLs before navigating.

Generated by OpenCVE AI on May 1, 2026 at 06:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 03:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N'}

 cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}

Fri, 17 Oct 2025 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe connect
Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:connect:*:*:*:*:*:-:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Adobe
Adobe connect
Apple
Apple macos
Microsoft
Microsoft windows

Tue, 14 Oct 2025 22:00:00 +0000

Type Values Removed Values Added
Description Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction in that a victim must click on a crafted link.
Title Adobe Connect | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)
Weaknesses CWE-601
References
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Subscriptions

Adobe Connect
Apple Macos
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-04-28T02:15:45.711Z

Reserved: 2025-07-17T21:15:02.447Z

Link: CVE-2025-54196

cve-icon Vulnrichment

Updated: 2025-10-15T20:23:59.231Z

cve-icon NVD

Status : Modified

Published: 2025-10-14T22:15:38.030

Modified: 2026-04-28T03:16:00.363

Link: CVE-2025-54196

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T06:15:10Z

Weaknesses