CVE-2025-30300: 
Adobe Framemaker vulnerability analysis and mitigation

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability (CVE-2025-30300). The vulnerability was disclosed on April 8, 2025, and affects multiple versions of Adobe Framemaker software. This security issue could result in an application denial-of-service condition (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) with a CVSS v3.1 base score of 5.5 (MEDIUM). The attack vector is local (AV:L), with low attack complexity (AC:L), requires no privileges (PR:N), and needs user interaction (UI:R). The scope is unchanged (S:U), with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (NVD).

If successfully exploited, this vulnerability could allow an attacker to crash the Adobe Framemaker application, resulting in a denial-of-service condition. The impact is limited to the application level and does not affect the broader system (NVD).

Adobe has addressed this vulnerability in versions after Framemaker 2020.8 and 2022.6. Users are advised to update to the latest version of Adobe Framemaker to mitigate this security issue (Adobe Security).