Adobe has released a critical security update for its popular design software Illustrator, addressing a severe vulnerability that could allow attackers to execute arbitrary code on targeted systems.
The security bulletin details a heap-based buffer overflow vulnerability that affects multiple versions of the software on both Windows and macOS platforms.
The security flaw, identified as CVE-2025-30330, has been classified as critical with a CVSS base score of 7.8.
Security researchers categorize this as a heap-based buffer overflow vulnerability (CWE-122) that could potentially lead to full system compromise if successfully exploited.
“This vulnerability could allow an attacker to execute arbitrary code in the context of the current user,” explains the Adobe security bulletin.
The technical vector for the vulnerability is described as CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access with high impact on confidentiality, integrity, and availability.
According to cybersecurity experts, exploitation of this vulnerability requires user interaction, specifically that a victim must open a malicious file crafted by the attacker.
This represents a common attack vector where malicious actors distribute specially crafted Illustrator files via email attachments, compromised websites, or other means.
A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Adobe credited a security researcher identified only as “yjdfy” for discovering and reporting the vulnerability.
Affected Software Versions
The vulnerability affects the following Adobe Illustrator versions:
Illustrator 2025 version 29.3 and earlier on Windows and macOS.
Illustrator 2024 version 28.7.5 and earlier on Windows and macOS.
Risk Factors / Details
Affected Products: Adobe Illustrator 2025 (≤29.3); Adobe Illustrator 2024 (≤28.7.5)
Impact: Arbitrary code execution
Exploit Prerequisites: User interaction required; victim must open a malicious .ai/.eps file
CVSS 3.1 Score: 7.8 (Critical)
Mitigation
Adobe has addressed this vulnerability in the following updated versions:
Illustrator 2025 version 29.4 and above.
Illustrator 2024 version 28.7.6 and above.
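A patch-management team needs to turn the affected and fixed versions above into a check it can run over an inventory. The following added example (not Adobe tooling) encodes the rule implied by the bulletin, that any build in the 2025 line below 29.4 and any build in the 2024 line below 28.7.6 is vulnerable, and triages a constructed sample inventory. The hostnames and version strings in SAMPLE_INVENTORY are made up for illustration.

```python
"""Triage installed Adobe Illustrator versions against CVE-2025-30330 fix levels.

Added example, not Adobe tooling. The fixed versions come from the bulletin:
Illustrator 2025 -> 29.4, Illustrator 2024 -> 28.7.6. Anything below the fix
level within a listed release line is treated as vulnerable; release lines the
bulletin does not mention are reported as unknown rather than assumed safe.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'29.3' -> (29, 3); tolerates a leading 'v' and surrounding whitespace."""
    text = text.strip().lstrip("vV")
    try:
        return tuple(int(p) for p in text.split("."))
    except ValueError as exc:
        raise ValueError(f"not a dotted numeric version: {text!r}") from exc


def _pad(v: Version, width: int) -> Version:
    """Right-pad with zeros so (29, 4) and (29, 4, 0) compare as equal."""
    return v + (0,) * (width - len(v))


def version_lt(a: Version, b: Version) -> bool:
    """True if a is strictly older than b, comparing component by component."""
    w = max(len(a), len(b))
    return _pad(a, w) < _pad(b, w)


# Major version (release line) -> first fixed version, from the bulletin.
FIRST_FIXED: Dict[int, str] = {
    29: "29.4",    # Illustrator 2025
    28: "28.7.6",  # Illustrator 2024
}


def assess(installed: str) -> Tuple[str, Optional[str]]:
    """Return ('vulnerable' | 'patched' | 'unknown', first fixed version or None)."""
    v = parse_version(installed)
    fixed = FIRST_FIXED.get(v[0])
    if fixed is None:
        return "unknown", None
    if version_lt(v, parse_version(fixed)):
        return "vulnerable", fixed
    return "patched", fixed


# Constructed sample inventory (hostname -> Illustrator version reported by the host).
SAMPLE_INVENTORY: Dict[str, str] = {
    "design-01": "29.3",
    "design-02": "29.4",
    "design-03": "28.7.5",
    "design-04": "28.7.6",
    "design-05": "27.9",
}


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by outcome so vulnerable ones can be scheduled for update first."""
    out: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, ver in sorted(inventory.items()):
        status, _ = assess(ver)
        out[status].append(host)
    return out


if __name__ == "__main__":
    for host, ver in sorted(SAMPLE_INVENTORY.items()):
        status, fixed = assess(ver)
        action = f"-> update to {fixed}" if status == "vulnerable" else ""
        print(f"{host:10} {ver:8} {status:10} {action}")
```

Comparing against the first fixed version rather than the "last affected" version is deliberate: a hypothetical interim build such as 29.3.1 would still be older than 29.4 and is correctly flagged, whereas a naive "≤ 29.3" test would miss it.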
Users are strongly advised to update their Illustrator installations immediately through the Creative Cloud desktop application's update mechanism. For those who have disabled automatic updates, manual intervention will be required.
The company stated it is not aware of any exploits in the wild targeting this vulnerability, but this could change quickly as details become public.
Organizations using Adobe Illustrator should implement a comprehensive patch management strategy, consider disabling automatic updates to control deployment scheduling, and maintain user awareness regarding the risks of opening files from untrusted sources.
Users concerned about potential exploitation should update their software immediately and exercise caution when opening Illustrator files from unknown or untrusted sources.