CVE-2025-30324: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow vulnerability identified as CVE-2025-30324. The vulnerability was disclosed on May 13, 2025, affecting both Windows and macOS operating systems. This security flaw was discovered and reported through Adobe's public bug bounty program with HackerOne (NVD, Rapid7).

The vulnerability is classified as an Integer Underflow (Wrap or Wraparound) vulnerability, identified as CWE-191. It received a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high severity rating indicates significant potential impact on system security, though exploitation requires user interaction specifically through opening a malicious file (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Photoshop installations to versions newer than 26.5 for the 26.x branch or 25.12.2 for the 25.x branch. The vulnerability affects both Windows and macOS versions of the software (ASEC).