CVE-2025-30302: 
Adobe Framemaker vulnerability analysis and mitigation

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. The vulnerability was discovered and disclosed on April 8, 2025, affecting multiple versions of Adobe Framemaker software (NVD, CVE).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that could potentially expose sensitive memory information. The CVSS v3.1 base score is 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, has no privileges required, and can result in high confidentiality impact without affecting integrity or availability (NVD).

The vulnerability could lead to disclosure of sensitive memory information and potentially allow attackers to bypass security mitigations such as ASLR (Address Space Layout Randomization). This could expose sensitive data stored in memory and potentially facilitate further attacks (NVD).

Users should upgrade to versions newer than Adobe Framemaker 2020.8 and 2022.6 to address this vulnerability. The issue affects multiple versions of Adobe Framemaker, including both the 2020 and 2022 release lines (NVD).