NULL Pointer Dereference in Adobe Animate Affecting Multiple Versions
CVE-2025-54270

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Animate
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-54270?

Adobe Animate versions 23.0.13, 24.0.10, and earlier are vulnerable to a NULL Pointer Dereference issue that may lead to the unintended disclosure of sensitive memory information. To exploit this vulnerability, an attacker must trick a victim into opening a carefully crafted malicious file, which could potentially expose critical data. Users of affected versions are advised to update their software immediately to mitigate the risks associated with this vulnerability.

Affected Version(s)

Animate 0 <= 23.0.13, 24.0.10

References

https://helpx.adobe.com/security/products/animate/apsb25-...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Jul 17, 2025

JSON