Multiple Microsoft Windows Products Vulnerabilities
May 16, 2025ICS: Multiple Siemens Products Vulnerabilities
May 16, 2025Multiple Microsoft Windows Products Vulnerabilities
May 16, 2025ICS: Multiple Siemens Products Vulnerabilities
May 16, 2025Severity
High
Analysis Summary
CVE-2025-43555 CVSS:7.8
Animate versions are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-43556 CVSS:7.8
Animate versions are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-43557 CVSS:7.8
Animate versions are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-30328 CVSS:7.8
Animate versions are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file
CVE-2025-30329 CVSS:5.5
Animate versions are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-30319 CVSS:5.5
InDesign Desktop versions are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-30318 CVSS:7.8
InDesign Desktop versions are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-30320 CVSS:5.5
InDesign Desktop versions are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27177 CVSS:7.8
InDesign Desktop versions are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Impact
- Buffer Overflow
- Denial of Service
- Code Execution
Indicators of Compromise
CVE
- CVE-2025-43555
- CVE-2025-43556
- CVE-2025-43557
- CVE-2025-30328
- CVE-2025-30329
- CVE-2025-30319
- CVE-2025-30318
- CVE-2025-30320
- CVE-2025-27177
Affected Vendors
- Adobe
Affected Products
- Adobe Animate - 23.0.0 - 23.0.12
- Adobe Animate - 24.0.0 - 24.0.9
- Adobe Indesign - 19.5.3
- Adobe Indesign - 20.0 - 20.3
Remediation
Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.