CVE-2025-47109: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability identified as CVE-2025-47109. The vulnerability was discovered and disclosed on July 8, 2025, affecting both Windows and macOS operating systems. This security issue requires user interaction, specifically opening a malicious file, to be exploited (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) with a CVSS v3.1 Base Score of 5.5 (Medium). The vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating local access, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on availability (NVD).

If successfully exploited, this vulnerability could lead to application denial-of-service, causing the Adobe After Effects application to crash and disrupting services. The impact is primarily focused on availability, with no direct effect on confidentiality or integrity (NVD).

Adobe has released patches to address this vulnerability. Users are advised to update to Adobe After Effects versions 24.6.7 or 25.3, depending on their current version. These security updates were made available in the 07/08/2025 update (ASEC).

The vulnerability was discovered and reported by security researcher Francis Provencher (prl) through Adobe's public bug bounty program with HackerOne (Adobe Security).