CVE-2025-27203

CRITICAL

Adobe Connect <24.0 - Code Injection

Title source: llm

Description

Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed.

References (1)

[Vendor Advisory] https://helpx.adobe.com/security/products/connect/apsb25-61.html

Scores

CVSS v3 9.6

EPSS 0.1472

EPSS Percentile 94.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

adobe/connect < 2025.5.5

Timeline

Published Jul 08, 2025

Tracked Since Feb 18, 2026