CVE-2025-47125: 
Adobe Framemaker vulnerability analysis and mitigation

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability (CVE-2025-47125) that could result in arbitrary code execution in the context of the current user. The vulnerability requires user interaction, specifically opening a malicious file to be exploited (NVD).

The vulnerability is classified as a Heap-based Buffer Overflow (CWE-122) with a CVSS v3.1 base score of 7.8 (HIGH). The attack vector is local (AV:L), with low attack complexity (AC:L), requires no privileges (PR:N), needs user interaction (UI:R), has unchanged scope (S:U), and can result in high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) (Adobe Advisory).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user, potentially allowing an attacker to execute malicious code with the same privileges as the affected application (NVD).

Adobe has released security updates to address this vulnerability. Users of Adobe FrameMaker 2020 should update to Release Update 9, and users of FrameMaker 2022 should update to Release Update 7 (ASEC Advisory).