Analysis Summary

CVE-2025-30301 CVSS:5.5

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-30302 CVSS:5.5

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-27205 CVSS:5.4

Adobe Experience Manager Screens versions FP11.3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must open a malicious link.

Impact

• Cross-Site Scripting
• Gain Access

Indicators of Compromise

CVE

• CVE-2025-30301

• CVE-2025-30302

• CVE-2025-27205

Affected Vendors

Affected Products

• Adobe Framemaker - 0
• Adobe Experience Manager - 0

Remediation

Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-30301

CVE-2025-30302

CVE-2025-27205