CVE-2025-47097: 
Adobe InCopy vulnerability analysis and mitigation

Adobe InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability identified as CVE-2025-47097. The vulnerability was discovered and reported to Adobe Systems Incorporated, with the initial CVE record being created on April 30, 2025, and public disclosure occurring on July 8, 2025. The vulnerability affects both Windows and macOS operating systems running the specified versions of InCopy (NVD, CVE).

The vulnerability is classified as an Integer Underflow (Wrap or Wraparound) issue, categorized under CWE-191. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 7.8 (HIGH), with the following vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high CVSS score indicates significant potential impact on system security, affecting confidentiality, integrity, and availability of the system (NVD).

Users are advised to update their Adobe InCopy installations to versions newer than 20.3 for the 20.x series or newer than 19.5.3 for the 19.x series. The vulnerability has been addressed in subsequent releases (NVD).