CVE-2025-21158: 
Adobe InDesign vulnerability analysis and mitigation

CVE-2025-21158 is an Integer Underflow (Wrap or Wraparound) vulnerability affecting Adobe InDesign Desktop versions ID20.0, ID19.5.1 and earlier. The vulnerability was disclosed on February 11, 2025, and could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically opening a malicious file (NVD, CIS Advisory).

The vulnerability is classified as an Integer Underflow (Wrap or Wraparound) issue with a CVSS v3.1 Base Score of 7.8 (HIGH). The attack vector is Local (L), with Low attack complexity (L), requiring No privileges (N) and User interaction (R). The scope is Unchanged (U), with High impact on Confidentiality (H), Integrity (H), and Availability (H) (NVD).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the logged-on user. If the user has administrative privileges, an attacker could potentially install programs, view, change, or delete data, or create new accounts with full user rights (CIS Advisory).

Adobe has released security updates to address this vulnerability. Users should update to Adobe InDesign ID20.1 or ID19.5.2, depending on their version. The update was made available on February 11, 2025. Organizations are advised to apply the stable channel update provided by Adobe to vulnerable systems immediately after appropriate testing (Adobe Advisory).