CVE-2025-30330: 
Adobe Illustrator vulnerability analysis and mitigation

A Heap-based Buffer Overflow vulnerability (CVE-2025-30330) was discovered in Adobe Illustrator versions 29.3, 28.7.5 and earlier. The vulnerability was disclosed on May 13, 2025, and was assigned by Adobe Systems Incorporated. This security flaw affects both Windows and macOS operating systems (NVD).

The vulnerability has been classified as a Heap-based Buffer Overflow (CWE-122) with a CVSS v3.1 Base Score of 7.8 (HIGH). The attack vector is characterized as Local (AV:L), with Low attack complexity (AC:L), requiring No privileges (PR:N), and User interaction (UI:R). The scope is Unchanged (S:U), with High impact on Confidentiality, Integrity, and Availability (C:H/I:H/A:H) (NVD, Wiz).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running Adobe Illustrator. Exploitation of this issue requires user interaction in that a victim must open a malicious file (NVD).

Adobe has released security bulletin APSB25-43 addressing this vulnerability. Users are advised to update their Adobe Illustrator installations to versions newer than 29.3 for the 29.x series and 28.7.5 for the 28.x series (Adobe Security).