CVE-2025-61801: 
Adobe Dimension vulnerability analysis and mitigation

CVE-2025-61801 is a Use After Free (UAF) vulnerability discovered in Adobe Dimension versions 4.1.4 and earlier. The vulnerability was disclosed on October 14, 2025, affecting both Windows and macOS operating systems. This security flaw could result in arbitrary code execution in the context of the current user, requiring user interaction through opening a malicious file (NVD, ASEC).

The vulnerability is classified as a Use After Free (UAF) issue with a CVSS v3.1 Base Score of 7.8 (HIGH). The attack vector is Local (L) with Low attack complexity (L), requiring no privileges (N) but needs user interaction (R). The scope is Unchanged (U) with High impact on Confidentiality (H), Integrity (H), and Availability (H). The vulnerability is tracked under CWE-416 (Use After Free) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the logged-on user. Depending on the user's privileges, an attacker could potentially install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer system privileges may be less impacted than those with administrative rights (CIS Security).

Adobe has released version 4.1.5 of Dimension to address this vulnerability. Users are strongly advised to update to this latest version immediately after appropriate testing. Organizations should also apply the principle of least privilege to all systems and services, and run software as non-privileged users to minimize the impact of potential attacks (ASEC).