CVE-2025-61815: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability (CVE-2025-61815) that could result in arbitrary code execution in the context of the current user. The vulnerability was disclosed on November 11, 2025, and requires user interaction through opening a malicious file (NVD).

The vulnerability is classified as a Use After Free (CWE-416) issue. It has received a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that while local access and user interaction are required, the vulnerability can lead to high impacts on confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability allows arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running InDesign, potentially leading to unauthorized access, data manipulation, or system compromise (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to versions newer than InDesign Desktop 20.5 and 19.5.5 (Adobe Security Bulletin).