NULL Pointer Dereference Vulnerability in Adobe InDesign
CVE-2025-27179

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Indesign Desktop
Vendor: CVE Published:; 11 March 2025

Summary

Adobe InDesign Desktop versions ID20.1 and ID19.5.2, as well as earlier versions, contain a NULL Pointer Dereference vulnerability. This flaw could allow an attacker to cause a denial-of-service condition by crashing the application. To exploit this vulnerability, an attacker would need to convince a user to open a specially crafted malicious file, triggering the error and leading to an application crash. It is critical for users to ensure their software is up-to-date and to exercise caution when handling unknown files.

Affected Version(s)

InDesign Desktop 0

References

https://helpx.adobe.com/security/products/indesign/apsb25...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Feb 19, 2025