CVE-2025-21159 - Vulnerability Details - OpenCVE

Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Adobe	Illustrator

No data.

No data.

References

Link	Providers
https://helpx.adobe.com/security/products/illustrator/apsb25-11.html

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00021}`	epss `{'score': 0.00023}`

Wed, 12 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 11 Feb 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description		Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title		Illustrator \| Use After Free (CWE-416)
Weaknesses		CWE-416
References		https://helpx.adobe.com/security/products/illustrator/apsb25-11.html
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2025-02-11T17:27:39.557Z

Updated: 2025-02-14T04:55:28.600Z

Reserved: 2024-12-04T17:19:21.477Z

Link: CVE-2025-21159

Vulnrichment

Updated: 2025-02-12T20:24:38.312Z

NVD

Status : Received

Published: 2025-02-11T18:15:27.977

Modified: 2025-02-11T18:15:27.977

Link: CVE-2025-21159

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-21159", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2024-12-04T17:19:21.477Z", "datePublished": "2025-02-11T17:27:39.557Z", "dateUpdated": "2025-02-14T04:55:28.600Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Illustrator", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "28.7.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2025-02-11T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "Use After Free (CWE-416)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2025-02-11T17:27:39.557Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/illustrator/apsb25-11.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Illustrator | Use After Free (CWE-416)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-13T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-21159"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-14T04:55:28.600Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-21159", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-11T19:43:56.266809Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:24:38.312Z"}}], "cna": {"title": "Illustrator | Use After Free (CWE-416)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "modifiedScope": "UNCHANGED", "temporalScore": 7.8, "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "HIGH", "availabilityImpact": "HIGH", "environmentalScore": 7.8, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "LOCAL", "confidentialityImpact": "HIGH", "environmentalSeverity": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "HIGH", "modifiedUserInteraction": "REQUIRED", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Illustrator", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "28.7.3"}], "defaultStatus": "affected"}], "datePublic": "2025-02-11T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/illustrator/apsb25-11.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "Use After Free (CWE-416)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2025-02-11T17:27:39.557Z"}}}, "cveMetadata": {"cveId": "CVE-2025-21159", "state": "PUBLISHED", "dateUpdated": "2025-02-14T04:55:28.600Z", "dateReserved": "2024-12-04T17:19:21.477Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2025-02-11T17:27:39.557Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}