CVE-2025-49525: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability. The vulnerability was discovered and disclosed on July 8, 2025, with the identifier CVE-2025-49525. The affected systems include both Windows and macOS versions of Adobe Illustrator (NVD Database, CVE Database).

The vulnerability is classified as an out-of-bounds read (CWE-125) that could potentially expose sensitive memory information. The CVSS v3.1 base score is 5.5 (Medium), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and user interaction, has no impact on integrity or availability, but could result in high confidentiality impact (NVD Database).

The vulnerability could lead to the disclosure of sensitive memory information when exploited. The impact is primarily focused on confidentiality, with no direct effects on system integrity or availability (NVD Database).

Adobe has addressed this vulnerability in their security update. Users are advised to update their Adobe Illustrator installations to versions newer than 28.7.6 for the 28.x series or versions newer than 29.5.1 for the 29.x series (Adobe Advisory).