Vulnerability DatabaseCVE-2025-30300

CVE-2025-30300:
Adobe Framemaker vulnerability analysis and mitigation

Overview

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability (CVE-2025-30300). The vulnerability was disclosed on April 8, 2025, and affects multiple versions of Adobe Framemaker software. This security issue could result in an application denial-of-service condition (NVD).

Technical details

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) with a CVSS v3.1 base score of 5.5 (MEDIUM). The attack vector is local (AV:L), with low attack complexity (AC:L), requires no privileges (PR:N), and needs user interaction (UI:R). The scope is unchanged (S:U), with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (NVD).

Impact

If successfully exploited, this vulnerability could allow an attacker to crash the Adobe Framemaker application, resulting in a denial-of-service condition. The impact is limited to the application level and does not affect the broader system (NVD).

Mitigation and workarounds

Adobe has addressed this vulnerability in versions after Framemaker 2020.8 and 2022.6. Users are advised to update to the latest version of Adobe Framemaker to mitigate this security issue (Adobe Security).