CVE-2023-25859: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 26.5.2 (and earlier) and 27.2.0 (and earlier) were affected by an Improper Input Validation vulnerability identified as CVE-2023-25859. The vulnerability was discovered by Mat Powell from Trend Micro Zero Day Initiative and was publicly disclosed on March 16, 2023 (ZDI Advisory, Adobe Advisory).

The vulnerability exists within the processing of embedded fonts in Adobe Illustrator. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The attacker could potentially gain the same rights and access as the compromised user account (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Illustrator to mitigate this security risk (Adobe Advisory).