Severity
High
Analysis Summary
CVE-2025-47103 CVSS:7.8
Adobe InDesign is vulnerable to a heap-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2025-49533 CVSS:9.8
Adobe Experience Manager Forms on JEE could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.
CVE-2025-27203 CVSS:9.6
Adobe Connect could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to execute code on the system with the privileges of the victim or cause the application to crash.
Impact
- Buffer Overflow
- Code Execution
Indicators of Compromise
CVE
CVE-2025-47103
CVE-2025-49533
CVE-2025-27203
Affected Vendors
- Adobe
Affected Products
- Adobe InDesign - ID19.5.3
- Adobe InDesign - ID20.3
- Adobe Experience Manager Forms on JEE - 6.5.23.0
- Adobe Connect 24.0
Remediation
Refer to Adobe Security Bulletin for patch, upgrade, or suggested workaround information.