Out-of-bounds Read Vulnerability in DNG SDK by Adobe
CVE-2025-64893

7.1HIGH

Key Information:

Vendor: Adobe
Status: Dng Sdk
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-64893?

The DNG SDK from Adobe, specifically versions 1.7.0 and earlier, contains an Out-of-bounds Read vulnerability. This issue may lead to the exposure of sensitive information stored in memory or result in application denial of service. Exploitation requires user interaction, as an affected user must open a specially crafted malicious file, which could trigger the issue.

Affected Version(s)

DNG SDK 0 <= 1.7.0

References

https://helpx.adobe.com/security/products/dng-sdk/apsb25-...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Nov 11, 2025

JSON