CVE-2025-30330: 
Adobe Illustrator vulnerability analysis and mitigation

A Heap-based Buffer Overflow vulnerability (CVE-2025-30330) was discovered in Adobe Illustrator versions 29.3, 28.7.5 and earlier. The vulnerability was disclosed on May 13, 2025, and was assigned by Adobe Systems Incorporated. This security flaw could potentially lead to arbitrary code execution in the context of the current user, requiring user interaction through opening a malicious file (NVD, Wiz).

The vulnerability has been classified as a Heap-based Buffer Overflow (CWE-122) with a CVSS v3.1 Base Score of 7.8 (HIGH). The attack vector is characterized as Local (AV:L), with Low attack complexity (AC:L), requiring No privileges (PR:N), and User interaction (UI:R). The scope is Unchanged (S:U), with High impact on Confidentiality, Integrity, and Availability (C:H/I:H/A:H) (NVD, Wiz).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running Adobe Illustrator (NVD).

Adobe has released security bulletin APSB25-43 addressing this vulnerability. Users are advised to update their Adobe Illustrator installations to versions newer than those affected (Adobe Security).