CVE-2025-47123: 
Adobe Framemaker vulnerability analysis and mitigation

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability (CVE-2025-47123) that could result in arbitrary code execution in the context of the current user. The vulnerability was disclosed on July 8, 2025, and requires user interaction through opening a malicious file for exploitation (NVD).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) with a CVSS v3.1 Base Score of 7.8 (HIGH). The attack vector is local (AV:L), with low attack complexity (AC:L), requires no privileges (PR:N), needs user interaction (UI:R), has an unchanged scope (S:U), and can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user, potentially allowing an attacker to execute malicious code with the same privileges as the victim user (ASEC).

Adobe has released security updates to address this vulnerability. Users of Adobe FrameMaker 2020 should update to Release Update 9, and users of FrameMaker 2022 should update to Release Update 7 (ASEC).