Adobe has launched vital safety updates for Photoshop on each Home windows and macOS platforms after discovering a number of extreme vulnerabilities that would enable attackers to execute arbitrary code on victims’ techniques.
The safety bulletin addresses three vital flaws affecting Photoshop 2025 (model 26.5 and earlier) and Photoshop 2024 (model 25.12.2 and earlier).
A number of Important Flaws Found in Adobe Photoshop
Probably the most regarding side of those flaws is their potential to permit menace actors to execute arbitrary code on affected techniques, probably main to finish system compromise.
The primary vulnerability (CVE-2025-30324) is assessed as an Integer Underflow (Wrap or Wraparound) weak spot, following the Frequent Weak point Enumeration normal CWE-191.
This kind of flaw happens when mathematical operations trigger an integer worth to wrap round its minimal or most, resulting in surprising habits that attackers can exploit.
The second vulnerability (CVE-2025-30325) entails an Integer Overflow or Wraparound subject (CWE-190), the place mathematical operations trigger an identical boundary violation however in the wrong way.
Each integer-related vulnerabilities obtained a Important severity ranking with a CVSS base rating of seven.8.
The third vulnerability (CVE-2025-30326) stems from Entry of Uninitialized Pointer (CWE-824), the place the software program makes an attempt to entry reminiscence through a pointer earlier than it has been initialized.
This flaw additionally obtained a Important severity ranking with the identical CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
In keeping with Adobe’s safety bulletin, profitable exploitation of any of those vulnerabilities may result in arbitrary code execution within the context of the present consumer.
If the consumer has administrative privileges, an attacker may probably take full management of the affected system, set up packages, view, change, or delete information, or create new accounts with full consumer rights.
“Thankfully, Adobe is just not conscious of any exploits within the wild for any of the problems addressed in these updates,” the corporate acknowledged in its safety bulletin.
Nevertheless, safety consultants suggest speedy patching as a result of vital nature of those flaws.
CVEsAffected ProductsImpactExploit PrerequisitesCVSS 3.1 ScoreCVE-2025-30324CVE-2025-30325 CVE-2025-30326Photoshop 2025 (≤26.5), Photoshop 2024 (≤25.12.2)Arbitrary Code ExecutionLocal entry, consumer interplay, no privileges7.8 (Important)
Safety Updates Out there
Adobe has launched up to date variations of the affected software program to handle these vulnerabilities. Customers of Photoshop 2025 ought to replace to model 26.6, whereas Photoshop 2024 customers ought to replace to model 25.12.3.
The corporate has assigned a Precedence 3 ranking to those updates, indicating the vulnerabilities have an effect on merchandise which have traditionally not been focused by attackers.
Customers can replace their software program through the Artistic Cloud desktop utility’s replace mechanism. For managed environments, IT directors can deploy the updates by way of the Admin Console.
Adobe acknowledged safety researcher “yjdfy” for responsibly disclosing all three vulnerabilities and collaborating with the corporate to guard prospects.
The corporate maintains a public bug bounty program with HackerOne for exterior safety researchers interested by contributing to Adobe’s safety efforts.
All Photoshop customers are strongly urged to replace to the newest versions-Photoshop 2025 (26.6) and Photoshop 2024 (25.12.3)-as quickly as doable to mitigate any threat. Staying vigilant and preserving software program present stays the perfect protection in opposition to evolving cyber threats.
Leveraging Defensive AI for Endpoint Safety to cease threats with 99.5% accuracy – Be part of Free Seminar
