CVE-2025-61804: 
NixOS vulnerability analysis and mitigation

CVE-2025-61804 is a Heap-based Buffer Overflow vulnerability discovered in Adobe Animate versions 23.0.13, 24.0.10 and earlier. The vulnerability was disclosed on October 14, 2025, affecting both Windows and macOS operating systems. This security flaw requires user interaction, specifically opening a malicious file, to be exploited (NVD, Adobe Security).

The vulnerability is classified as a heap-based buffer overflow (CWE-122) with a CVSS v3.1 base score of 7.8 (HIGH). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring no privileges (PR:N) but needs user interaction (UI:R). The scope is unchanged (S:U), with high impact on confidentiality (C:H), integrity (I:H), and availability (A:H) (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. Depending on the user's privileges, an attacker could potentially install programs, view, modify, or delete data, or create new accounts with full user rights (CIS Security).

Adobe has released security updates to address this vulnerability. Users should update to Adobe Animate 2023 version 23.0.15 or Adobe Animate 2024 version 24.0.12. It is recommended to apply these updates immediately after appropriate testing (ASEC).