CVE-2025-54224: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability identified as CVE-2025-54224. The vulnerability was disclosed on August 12, 2025, affecting Adobe InDesign software on both Windows and macOS operating systems (NVD).

The vulnerability is classified as a Use After Free (CWE-416) issue that could potentially lead to arbitrary code execution in the context of the current user. The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates a local attack vector with low attack complexity, requiring no privileges but necessitating user interaction (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution with the privileges of the current user, potentially compromising the confidentiality, integrity, and availability of the affected system. The high CVSS score indicates significant potential impact across all three security metrics (NVD).

Users are advised to update their Adobe InDesign installations to versions newer than 20.4 or 19.5.4, depending on their current version track. Adobe has released patches to address this vulnerability (Adobe Advisory).