Severity
Medium
Analysis Summary
CVE-2025-30301 CVSS:5.5
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-30302 CVSS:5.5
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-27205 CVSS:5.4
Adobe Experience Manager Screens versions FP11.3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must open a malicious link.
Impact
- Cross-Site Scripting
- Gain Access
Indicators of Compromise
CVE
CVE-2025-30301
CVE-2025-30302
CVE-2025-27205
Affected Vendors
- Adobe
Affected Products
- Adobe Framemaker - 0
- Adobe Experience Manager - 0
Remediation
Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.