CVE-2025-54225: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability identified as CVE-2025-54225. The vulnerability was disclosed on August 12, 2025, affecting both Windows and macOS operating systems running Adobe InDesign (NVD).

The vulnerability is classified as a Use After Free (CWE-416) issue that could potentially lead to arbitrary code execution in the context of the current user. The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates a local attack vector, low attack complexity, no privileges required, and user interaction required for exploitation (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution with the privileges of the current user, potentially leading to unauthorized access to system resources, data manipulation, and system compromise (Adobe Advisory).

Users are advised to update to the latest version of Adobe InDesign. The vulnerability has been addressed in versions after 19.5.4 for the 2023 release and versions after 20.4 for the 2024 release (Adobe Advisory).