CVE-2025-49528: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability. The vulnerability was discovered and disclosed on July 8, 2025, and was assigned the identifier CVE-2025-49528. The affected systems include both Windows and macOS operating systems running the specified versions of Adobe Illustrator (NVD Database, CVE Database).

The vulnerability is classified as a Stack-based Buffer Overflow (CWE-121). The severity of this vulnerability has been rated as HIGH with a CVSS v3.1 Base Score of 7.8 and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that while local access is required, the vulnerability requires low attack complexity and no privileges, though it does need user interaction (NVD Database).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running the Adobe Illustrator application (NVD Database).

Users should update their Adobe Illustrator installations to versions newer than 28.7.6 for the 28.x series or versions newer than 29.5.1 for the 29.x series. The vulnerability has been addressed in subsequent releases (Adobe Advisory).