CVE-2021-40776: 
Adobe Lightroom Classic vulnerability analysis and mitigation

Adobe Lightroom Classic 10.3 and earlier versions are affected by a privilege escalation vulnerability (CVE-2021-40776) discovered in the Offline Lightroom Classic installer. The vulnerability was disclosed on October 26, 2021, and affects both Windows and macOS operating systems. This security flaw is characterized as a privilege escalation issue stemming from the creation of temporary files with incorrect permissions (Adobe Security, NVD Database).

The vulnerability is classified as CWE-379 (Creation of Temporary File in Directory with Insecure Permissions). It received a CVSS v3.1 base score of 6.1 (Medium severity) with the following vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it scored 6.6 (Medium) with the vector (AV:L/AC:M/Au:S/C:C/I:C/A:C). The vulnerability requires user interaction before product installation to be exploited (NVD Database).

If successfully exploited, this vulnerability allows an authenticated attacker to escalate privileges on the affected system. The vulnerability affects the security triad with high impacts on confidentiality, integrity, and availability, as indicated by the CVSS scoring (NVD Database).

Adobe has addressed this vulnerability in versions after Lightroom Classic 10.3. Users are advised to update to the latest version of the software to mitigate this security risk (Adobe Security).

The vulnerability was part of a larger Adobe security update that addressed 92 vulnerabilities across 14 products. Security researchers from TopSec Alpha Team and Trend Micro's Zero-Day Initiative were credited with discovering most of the vulnerabilities in this update batch (Threatpost Article).