CVE-2025-49570: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability identified as CVE-2025-49570. The vulnerability was disclosed on August 12, 2025, affecting both Windows and macOS operating systems. This security issue requires user interaction, specifically opening a malicious file, to be exploited (NVD).

The vulnerability is classified as an out-of-bounds write issue (CWE-787). According to the CVSS 3.1 scoring system, it has received a high severity base score of 7.8 with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The potential impact affects both system security and user data integrity (NVD, Rapid7).

Adobe has released security updates to address this vulnerability. Users are advised to update their Photoshop installations to versions newer than 25.12.3 for the 25.x series or versions newer than 26.8 for the 26.x series (NVD).