CVE-2025-27167
Published: 11 March 2025
Summary
CVE-2025-27167 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Adobe Illustrator. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Search Order Hijacking (T1574.008). The vulnerability is ranked at the 22.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly remediates the untrusted search path vulnerability in Adobe Illustrator by applying vendor-provided patches as recommended in APSB25-17.
- CM-14 (Signed Components): Verifies the authenticity of software components prior to execution, preventing Illustrator from loading malicious programs via manipulated search paths.
- Monitors for unauthorized changes to software and resources in directories searched by Illustrator, identifying malicious path redirections or file replacements.
MITRE ATT&CK Enterprise Techniques
- Path Interception by Search Order Hijacking (T1574.008)
Why these techniques?
The untrusted search path vulnerability (CWE-426) directly enables an attacker to manipulate the application's resource search path (e.g., via environment variables or directory placement) to load and execute malicious programs, mapping to Path Interception by Search Order Hijacking.
NVD Description
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
Deeper analysis
CVE-2025-27167 is an Untrusted Search Path vulnerability (CWE-426) affecting Adobe Illustrator versions 29.2.1, 28.7.4, and earlier. The flaw arises when the application relies on a search path to locate critical resources such as programs, allowing an attacker to manipulate that path to redirect to malicious programs or resources. This could enable execution of arbitrary code, unauthorized access to data files, or unintended modification of configurations, as the application trusts these resources without sufficient validation.
The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating local access is required with low attack complexity, no privileges needed, but user interaction is necessary. A local attacker could exploit it by modifying the search path—such as through environment variables or directory placement—to trick Illustrator into loading and executing malicious programs or accessing sensitive data, potentially leading to high-impact confidentiality, integrity, and availability compromises on the affected system.
Adobe's security bulletin APSB25-17, available at https://helpx.adobe.com/security/products/illustrator/apsb25-17.html, provides details on the vulnerability and recommended mitigations, including available patches for affected Illustrator versions. Security practitioners should prioritize updating to patched versions to address this issue.
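The defensive counterpart to the analysis above is to audit the directories an application consults, in order, for entries that a low-privilege local user could influence before the legitimate resource location is reached. The following is an added example written for this page, not code from Adobe, NVD or the bulletin. It works on constructed directory metadata (the `SAMPLE_SEARCH_PATH` entries, their modes and owners are all made up here) rather than the live filesystem, so it runs offline; in a real audit you would populate `SearchDir` from `os.stat()` on each directory the application actually searches (`PATH`, library and plugin directories). The findings it reports generalize beyond this CVE to any CWE-426 search path.

```python
"""Audit a resource search path for entries that enable search-order hijacking.

Added example (not vendor code). Operates on constructed metadata so that the
result does not depend on the host the script runs on.
"""
import os
import stat
from dataclasses import dataclass
from typing import List, Tuple

# Owners considered trusted to control search-path directories.
# Constructed convention: uid 0 stands for root/Administrator.
TRUSTED_UIDS = {0}


@dataclass
class SearchDir:
    path: str
    exists: bool = True
    mode: int = 0o755        # permission bits as they appear in st_mode
    owner_uid: int = 0


# Constructed sample: the directories an application searches, in order.
# The last one is the legitimate location of the resource being resolved.
SAMPLE_SEARCH_PATH = [
    SearchDir("/usr/local/bin"),                             # root-owned, 755
    SearchDir("/tmp/plugins", mode=0o777, owner_uid=1000),   # world-writable, user-owned
    SearchDir("./plugins", exists=False),                    # relative and absent
    SearchDir("/opt/app/plugins"),                           # legitimate resource dir
]


def classify(entry: SearchDir) -> List[str]:
    """Return the reasons a single search-path entry is hijackable (empty if none)."""
    findings: List[str] = []
    if not os.path.isabs(entry.path):
        # Resolved against the current working directory, which a user controls.
        findings.append("relative-path")
    if not entry.exists:
        # A missing directory can often be created by an unprivileged user.
        findings.append("missing")
        return findings
    if entry.mode & stat.S_IWOTH:
        findings.append("world-writable")
    if entry.owner_uid not in TRUSTED_UIDS:
        findings.append("untrusted-owner")
    return findings


def audit_search_path(search_path: List[SearchDir],
                      legit_dir: str) -> List[Tuple[str, List[str]]]:
    """Return (path, findings) for risky entries searched *before* legit_dir.

    Only directories consulted ahead of the legitimate location matter for
    search-order hijacking: a writable directory after it is never reached
    for that resource.
    """
    risky: List[Tuple[str, List[str]]] = []
    for entry in search_path:
        if entry.path == legit_dir:
            break
        findings = classify(entry)
        if findings:
            risky.append((entry.path, findings))
    return risky


if __name__ == "__main__":
    for path, reasons in audit_search_path(SAMPLE_SEARCH_PATH, "/opt/app/plugins"):
        print(f"{path}: {', '.join(reasons)}")
```

Every entry the audit reports is a place where the integrity-monitoring and signed-component controls listed above should be enforced: remove or re-permission the directory, or require that anything loaded from it carry a valid signature.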
Details
- CWE(s): CWE-426 (Untrusted Search Path)