CVE-2025-30325: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability identified as CVE-2025-30325. The vulnerability was discovered and reported through Adobe's HackerOne bug bounty program by researcher yjdfy, and was publicly disclosed on May 13, 2025. This high-severity vulnerability affects both Windows and macOS operating systems (NVD, GBHackers).

The vulnerability stems from an integer overflow in the CMYK color space conversion module of Photoshop. When processing specially constructed color profiles that exceed 32-bit integer limits during pixel calculations, heap buffer overflows can occur. The vulnerability has received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector requiring user interaction (NVD, GBHackers).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The exploitation requires user interaction, specifically opening a malicious file. Given Photoshop's common use with elevated permissions, this poses significant risks to system security (NVD, GBHackers).

Adobe has released patches to address this vulnerability - version 26.6 for Photoshop 2025 and version 25.12.3 for Photoshop 2024. Creative Cloud users receive automatic updates through the desktop app's background service. For unpatched systems, temporary mitigation involves configuring Group Policy Objects (Windows) or Mobile Device Management profiles (macOS) to restrict Photoshop from opening files from untrusted sources, though this may impair functionality (GBHackers, ASEC).