CVE-2025-21133
Published: 14 January 2025
Summary
CVE-2025-21133 is a high-severity Wrap or Wraparound (CWE-191) vulnerability in Adobe Illustrator On Ipad. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 37.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the integer underflow vulnerability in Adobe Illustrator on iPad by requiring timely application of vendor patches from APSB25-04.
Identifies vulnerable versions of Adobe Illustrator on iPads through regular vulnerability scanning tailored to CVEs like CVE-2025-21133.
Mitigates arbitrary code execution resulting from the integer underflow by enforcing memory protections such as ASLR and DEP on the iPad.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Integer underflow enables arbitrary code execution via malicious file opened by user (T1204.002), directly facilitating client-side exploitation (T1203).
NVD Description
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that…
more
a victim must open a malicious file.
Deeper analysisAI
CVE-2025-21133 is an Integer Underflow (Wrap or Wraparound) vulnerability, classified under CWE-191, affecting Adobe Illustrator on iPad in versions 3.0.7 and earlier. This flaw could lead to arbitrary code execution in the context of the current user. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.
Exploitation requires local access and user interaction, specifically tricking a victim into opening a malicious file. No special privileges are needed (PR:N), and the attack complexity is low (AC:L). A successful exploit would allow an attacker to execute arbitrary code with the privileges of the user running the application, potentially compromising the affected iPad device.
Adobe has published security bulletin APSB25-04, available at https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-04.html, which provides details on the vulnerability and recommended mitigations for Illustrator on iOS. Security practitioners should consult this advisory for patch information and update guidance.
Details
- CWE(s)