Vulnerability DatabaseCVE-2025-21160

CVE-2025-21160:
Adobe Illustrator vulnerability analysis and mitigation

Overview

Adobe Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability identified as CVE-2025-21160. The vulnerability was disclosed on February 11, 2025, and was reported by a security researcher identified as 'yjdfy' (Adobe Security).

Technical details

The vulnerability is classified as an Integer Underflow (Wrap or Wraparound) vulnerability, identified under CWE-191. It has received a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD, Adobe Security).

Impact

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The exploitation requires user interaction, specifically requiring a victim to open a malicious file (NVD).

Mitigation and workarounds

Adobe has released security updates to address this vulnerability. Users of Illustrator 2025 should update to version 29.2.1 or above, while users of Illustrator 2024 should update to version 28.7.4 or above. The updates are available through the Creative Cloud desktop app's update mechanism (Adobe Security).