CVE-2025-49563: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability identified as CVE-2025-49563. The vulnerability was disclosed on August 12, 2025, and affects both Windows and macOS operating systems (NVD).

The vulnerability is classified as an out-of-bounds write (CWE-787) issue. It has received a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at a high level (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high CVSS score indicates significant potential impact on system security, affecting both data confidentiality and system integrity (NVD).

Adobe has addressed this vulnerability through a security update detailed in APSB25-74. Users should update to versions 28.7.9 or 29.7 or later to mitigate this vulnerability (Adobe Advisory).

The vulnerability was initially discovered and reported through Adobe's public bug bounty program with HackerOne, with credit given to researcher Jony (jony_juice) (Adobe Advisory).