Race Condition Vulnerability in Adobe Creative Cloud Desktop
CVE-2025-54271

5.6MEDIUM

Key Information:

Vendor: Adobe
Status: Creative Cloud Desktop
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-54271?

Adobe Creative Cloud Desktop versions 6.7.0.278 and earlier are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This flaw can be exploited by low-privileged attackers, allowing them to manipulate files by exploiting the window between the checking of a resource's state and its actual use. The potential for unauthorized file modifications poses a serious security risk, as exploitation does not require any user interaction, making it a stealthy vector for potential attacks.

Affected Version(s)

Creative Cloud Desktop 0 <= 6.7.0.278

References

https://helpx.adobe.com/security/products/creative-cloud/...

vendor-advisory

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Jul 17, 2025

JSON