CVE-2025-30318: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by an out-of-bounds write vulnerability identified as CVE-2025-30318. The vulnerability was discovered and disclosed in May 2025, affecting both Windows and macOS operating systems running the vulnerable versions of InDesign (NVD, Wiz).

The vulnerability is classified as an out-of-bounds write issue (CWE-787) with a CVSS v3.1 base score of 7.8 (HIGH). The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a local attack vector that requires user interaction but no privileges, with potential high impacts on confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The impact severity is considered high, potentially allowing an attacker to execute malicious code, manipulate files, or gain unauthorized access to the system with the same privileges as the logged-in user (Wiz).

Adobe has released security updates to address this vulnerability. Users of ID19.5.x are advised to update to version 19.5.3 or later, while ID20.x users should update to version 20.3 or later (NVD, Adobe Security).