CVE-2025-61814: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free (UAF) vulnerability identified as CVE-2025-61814. The vulnerability was disclosed on November 11, 2025, and affects both Windows and macOS operating systems. This security flaw was reported to Adobe and received a CVSS v3.1 base score of 7.8 (HIGH) (NVD, Adobe Security).

The vulnerability is classified as a Use After Free (CWE-416) issue that could potentially lead to arbitrary code execution in the context of the current user. The CVSS v3.1 vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access vector, low attack complexity, no privileges required, and user interaction required for exploitation (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user, potentially allowing an attacker to execute malicious code with the same privileges as the victim user (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to Adobe InDesign version 20.5.1 or version 21.0. The fix was released as part of Adobe's November 2025 security updates (ASEC Advisory, Adobe Security).