Integer Overflow Vulnerability in Adobe DNG SDK Software
CVE-2025-64783

7.8HIGH

Key Information:

Vendor: Adobe
Status: Dng Sdk
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-64783?

Adobe DNG SDK versions 1.7.0 and earlier contain a vulnerability that arises from an integer overflow. This flaw has the potential to enable arbitrary code execution in the context of the user currently logged in. An attacker must trick the user into opening a specially crafted malicious file to exploit the vulnerability, which emphasizes the necessity for caution when handling untrusted files. Users of the DNG SDK should be vigilant and ensure their environments are secure.

Affected Version(s)

DNG SDK 0 <= 1.7.0

References

https://helpx.adobe.com/security/products/dng-sdk/apsb25-...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Nov 11, 2025

JSON