CVE-2025-27184: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. The vulnerability, tracked as CVE-2025-27184, was disclosed on April 8, 2025. This security flaw requires user interaction, specifically opening a malicious file, to be exploited (Adobe Security, NVD).

The vulnerability is classified as an out-of-bounds read issue with a CVSS v3.1 base score of 5.5 (Medium). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring no privileges (PR:N) but needs user interaction (UI:R). The scope is unchanged (S:U), with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N). The vulnerability is identified as CWE-125 (Out-of-bounds Read) (NVD).

If successfully exploited, this vulnerability could lead to the disclosure of sensitive memory information. An attacker could leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR) (NVD).

Adobe has released version 24.6.5 to address this vulnerability. Users are advised to update their Adobe After Effects installations to the latest version (ManageEngine).