CVE-2025-47106: 
Adobe InDesign vulnerability analysis and mitigation

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. The vulnerability was discovered and disclosed on June 10, 2025, affecting Adobe InDesign software running on both Windows and macOS platforms (NVD CVE, Wiz Report).

The vulnerability is classified as a Use After Free (CWE-416) issue that could potentially expose sensitive memory information. It has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, has no privileges required, and can lead to high confidentiality impact without affecting integrity or availability (NVD CVE).

The vulnerability could allow an attacker to bypass security mitigations such as Address Space Layout Randomization (ASLR) and potentially access sensitive memory information. The exploitation requires user interaction, specifically opening a malicious file (NVD CVE).

Adobe has addressed this vulnerability in their security update. Users are advised to update to versions newer than ID20.2 and ID19.5.3 (Adobe Advisory).