Out-of-Bounds Write Vulnerability in Adobe Lightroom Desktop
CVE-2025-27197

7.8HIGH

Key Information:

Vendor: Adobe
Status: Lightroom Desktop
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-27197?

Adobe Lightroom Desktop versions 8.2 and earlier contain an out-of-bounds write vulnerability that could enable arbitrary code execution within the context of the user. To exploit this vulnerability, the user must open a specially crafted malicious file, which can lead to severe security risks. It is crucial for users of these versions to be aware of this issue and take steps to protect their systems.

Affected Version(s)

Lightroom Desktop 0 <= 8.2

References

https://helpx.adobe.com/security/products/lightroom/apsb2...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Feb 19, 2025