CVE-2025-21158

Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions ID20.0, ID19.5.1 and earlier

Description: The issue is related to an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, as a victim must open a malicious file.

Recommendations: For versions ID20.0, ID19.5.1 and earlier, avoid opening files from untrusted sources until a patch is available. As a temporary workaround, consider restricting the ability to open files in InDesign Desktop to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.