Request a Demo
Rewterz
FortiWeb SQL Injection Flaw Lets Attackers Run Malicious SQL Code
July 14, 2025
Rewterz
Microsoft SQL Server 0-Day Leaks Sensitive Data Over Network
July 14, 2025

Multiple Adobe Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-47098 CVSS:7.8

Adobe InCopy could allow a remote attacker to execute arbitrary code on the system, caused by an access of uninitialized pointer error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.

CVE-2025-47097 CVSS:7.8

Adobe InCopy could allow a remote attacker to execute arbitrary code on the system, caused by an integer underflow error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.

CVE-2025-47099 CVSS:7.8

Adobe InCopy is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2025-47126 CVSS:7.8

Adobe Framemaker could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2025-47128 CVSS:7.8

Adobe Framemaker could allow a remote attacker to execute arbitrary code on the system, caused by an integer underflow error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2025-47131 CVSS:7.8

Adobe Framemaker is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2025-47122 CVSS:7.8

Adobe Framemaker is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2025-47130 CVSS:7.8

Adobe Framemaker could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow error. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

Impact

  • Code Execution
  • Buffer Overflow
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-47098

  • CVE-2025-47097

  • CVE-2025-47099

  • CVE-2025-47126

  • CVE-2025-47128

  • CVE-2025-47131

  • CVE-2025-47122

  • CVE-2025-47130

Affected Vendors

  • Adobe

Affected Products

  • Adobe InCopy - 19.5.3
  • Adobe InCopy - 20.3
  • Adobe Framemaker 2022 - Rel Update 6
  • Adobe Framemaker 2020 - Rel Update 8

Remediation

Refer to Adobe Security Bulletin for patch, upgrade, or suggested workaround information.

CVE-2025-47098

CVE-2025-47097

CVE-2025-47099

CVE-2025-47126

CVE-2025-47128

CVE-2025-47131

CVE-2025-47122

CVE-2025-47130