PT-2025-10889 · Adobe · Indesign Desktop

Published

2025-03-11

Updated

2025-03-13

CVE-2025-27178

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions ID20.1, ID19.5.2 and earlier

Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file.

Recommendations: For InDesign Desktop versions ID20.1, ID19.5.2 and earlier, update to a version that is not affected by this issue to prevent arbitrary code execution. As a temporary workaround, consider avoiding the use of potentially malicious files until a patch is available. Restrict access to untrusted files to minimize the risk of exploitation.

Fix

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2025-03180

CVE-2025-27178

Affected Products

Indesign Desktop

PT-2025-10889 · Adobe · Indesign Desktop

CVE-2025-27178

Weakness Enumeration

Related Identifiers

Affected Products

References · 9