Vulnerability DatabaseCVE-2025-27167

CVE-2025-27167:
Adobe Illustrator vulnerability analysis and mitigation

Overview

Adobe Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability (CVE-2025-27167). The vulnerability was disclosed on March 11, 2025, and Adobe has released security updates to address this critical issue (NVD, Adobe Security).

Technical details

The vulnerability is classified as an Untrusted Search Path vulnerability (CWE-426) with a CVSS v3.1 Base Score of 7.8 (HIGH). The vulnerability vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD).

Impact

If exploited, this vulnerability could allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. The vulnerability occurs when the application uses a search path to locate critical resources such as programs, where an attacker could modify that search path to point to a malicious program, which the targeted application would then execute (NVD).

Mitigation and workarounds

Adobe has released security updates to address this vulnerability. Users are advised to update to Illustrator 2025 version 29.3 or later, and Illustrator 2024 version 28.7.5 or later (ASEC).