CVE-2025-30310: 
Adobe Dreamweaver vulnerability analysis and mitigation

Adobe Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type (Type Confusion) vulnerability, identified as CVE-2025-30310. The vulnerability was discovered by AspiringYoungMan working with Trend Micro Zero Day Initiative and was disclosed on May 13, 2025. This security issue affects both Windows and macOS operating systems (NVD, Wiz Report).

The vulnerability is classified as CWE-843 (Access of Resource Using Incompatible Type) and has received a CVSS v3.1 base score of 7.8 (HIGH). The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access vector, low attack complexity, no privileges required, user interaction required, and high impacts to confidentiality, integrity, and availability (NVD, Wiz Report).

Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the current user. The impact severity varies based on user privileges - users with administrative rights face greater risk. An attacker could potentially install programs, view or modify data, or create new accounts with full user rights (Wiz Report).

Adobe has released version 21.5 to address this vulnerability. Organizations are advised to apply the stable channel update after appropriate testing. Additional recommended security measures include implementing the principle of least privilege, restricting administrator privileges to dedicated accounts, and enabling anti-exploitation features (Wiz Report).