CVE-2025-43590: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability. The vulnerability was discovered and disclosed on June 10, 2025, with the last modification to the advisory on June 16, 2025. The affected systems include both Windows and macOS operating systems running Adobe InDesign (NVD CVE, MITRE CVE).

The vulnerability is classified as an out-of-bounds write (CWE-787) that could lead to arbitrary code execution in the context of the current user. The CVSS v3.1 base score is 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at high levels (NVD CVE).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running InDesign, potentially compromising the affected system (Wiz Analysis).

Adobe has released security updates to address this vulnerability. Users should update to versions newer than ID20.2 and ID19.5.3 to mitigate this security risk (Wiz Analysis).