Request a Demo
Rewterz
Multiple Microsoft Windows Products Vulnerabilities
May 16, 2025
Rewterz
ICS: Multiple Siemens Products Vulnerabilities
May 16, 2025

Multiple Adobe Animate and InDesign Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-43555 CVSS:7.8

Animate versions are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-43556 CVSS:7.8

Animate versions are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-43557 CVSS:7.8

Animate versions are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-30328 CVSS:7.8

Animate versions are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file

CVE-2025-30329 CVSS:5.5

Animate versions are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-30319 CVSS:5.5

InDesign Desktop versions are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-30318 CVSS:7.8

InDesign Desktop versions are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-30320 CVSS:5.5

InDesign Desktop versions are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27177 CVSS:7.8

InDesign Desktop versions are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Impact

  • Buffer Overflow
  • Denial of Service
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2025-43555
  • CVE-2025-43556
  • CVE-2025-43557
  • CVE-2025-30328
  • CVE-2025-30329
  • CVE-2025-30319
  • CVE-2025-30318
  • CVE-2025-30320
  • CVE-2025-27177

Affected Vendors

  • Adobe

Affected Products

  • Adobe Animate - 23.0.0 - 23.0.12
  • Adobe Animate - 24.0.0 - 24.0.9
  • Adobe Indesign - 19.5.3
  • Adobe Indesign - 20.0 - 20.3

Remediation

Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.

CVE-2025-43555

CVE-2025-43556

CVE-2025-43557

CVE-2025-30328

CVE-2025-30329

CVE-2025-30319

CVE-2025-30318

CVE-2025-30320

CVE-2025-27177