CVE-2025-43558: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability. The vulnerability was discovered and reported by Adobe Systems Incorporated, with the initial CVE record created on April 16, 2025, and was published in the National Vulnerability Database on June 10, 2025 (NVD, CVE).

The vulnerability is classified as an out-of-bounds write (CWE-787) that could lead to arbitrary code execution in the context of the current user. The CVSS v3.1 base score is 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user, potentially leading to complete system compromise with the same privileges as the user running the application (Wiz).

Users should update to the latest version of Adobe InDesign as specified in the vendor advisory (Vendor Advisory).