NULL Pointer Dereference Vulnerability in Adobe After Effects
CVE-2025-27185

5.5MEDIUM

Key Information:

Vendor

Adobe
Status
After Effects
Vendor
CVE Published:
8 April 2025

What is CVE-2025-27185?

Adobe After Effects versions 25.1, 24.6.4, and earlier are susceptible to a NULL Pointer Dereference vulnerability. This flaw could allow malicious actors to initiate a denial-of-service condition by exploiting the vulnerability through user interaction, specifically by enticing a user to open a specially crafted file. Once executed, the application could crash, disrupting normal functionality and posing security risks to users.

Affected Version(s)

After Effects 0 <= 24.6.4

References

https://helpx.adobe.com/security/products/after_effects/a...
vendor-advisory

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.