NULL Pointer Dereference Vulnerability in Adobe InDesign
CVE-2025-27176

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Indesign Desktop
Vendor: CVE Published:; 11 March 2025

What is CVE-2025-27176?

A NULL Pointer Dereference vulnerability in Adobe InDesign allows an attacker to exploit the software by forcing a denial-of-service through application crashes. To successfully execute this exploit, a user must interact with a malicious file. This can lead to significant disruption for users relying on InDesign for their design tasks. It's crucial for users to remain vigilant and apply any available updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

InDesign Desktop 0

References

https://helpx.adobe.com/security/products/indesign/apsb25...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Feb 19, 2025