Integer Underflow Vulnerability in Adobe Illustrator
CVE-2025-21160

7.8HIGH

Key Information:

Vendor: Adobe
Status: Illustrator
Vendor: CVE Published:; 11 February 2025

Summary

Adobe Illustrator versions 29.1, 28.7.3, and earlier are susceptible to an Integer Underflow vulnerability that could allow for arbitrary code execution by an attacker. To exploit this flaw, a victim must open a specially crafted malicious file, leading to potential unauthorized actions within the context of the user's session. Users are encouraged to remain vigilant and ensure they are using the latest software versions to mitigate this risk.

Affected Version(s)

Illustrator 0 <= 28.7.3

References

https://helpx.adobe.com/security/products/illustrator/aps...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 4, 2024