CVE-2025-27168
Published: 11 March 2025
Summary
CVE-2025-27168 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Adobe Illustrator. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 21.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the stack-based buffer overflow by requiring timely application of vendor security patches to vulnerable Adobe Illustrator versions.
- Protects against arbitrary code execution from stack buffer overflows through memory safeguards like DEP and ASLR.
- Requires validation of file inputs during processing to prevent buffer overflows from malformed files opened in Illustrator.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in file processing enables arbitrary code execution upon opening a malicious file, directly mapping to client-side exploitation (T1203) and user execution of malicious files (T1204.002).
NVD Description
Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Deeper analysis
CVE-2025-27168 is a stack-based buffer overflow vulnerability (CWE-121, CWE-787) affecting Adobe Illustrator versions 29.2.1, 28.7.4, and earlier. The flaw occurs during file processing and can lead to arbitrary code execution in the context of the current user. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts upon successful exploitation.
An attacker with local access to the victim's system can exploit this vulnerability by tricking the user into opening a specially crafted malicious file. No special privileges are required (PR:N), and the attack has low complexity (AC:L), but it depends on user interaction (UI:R) such as opening the file in Illustrator. Successful exploitation allows arbitrary code execution with the privileges of the current user, potentially enabling full system compromise if the user has elevated permissions.
Adobe's security bulletin APSB25-17, available at https://helpx.adobe.com/security/products/illustrator/apsb25-17.html, provides details on the vulnerability and recommends mitigation steps, including applying the latest security updates to affected Illustrator versions.
Details
- CWE(s)