CVE-2025-49564: 
Adobe Illustrator vulnerability analysis and mitigation

A Stack-based Buffer Overflow vulnerability (CVE-2025-49564) was discovered in Adobe Illustrator versions 28.7.8, 29.6.1 and earlier. The vulnerability was disclosed on August 12, 2025, and affects both Windows and macOS operating systems. This security flaw was identified and reported by a security researcher named Jony (jony_juice) through Adobe's public bug bounty program with HackerOne (NVD, Adobe Advisory).

The vulnerability is classified as CWE-121 (Stack-based Buffer Overflow) with a CVSS v3.1 base score of 7.8 (HIGH). The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access vector, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running the Illustrator application (NVD).

Adobe has addressed this vulnerability in their security advisory APSB25-74. Users should update their Adobe Illustrator installations to versions newer than 28.7.8 for the 28.x series or versions newer than 29.6.1 for the 29.x series (Adobe Advisory).