CVE-2025-27171
Published: 11 March 2025
Summary
CVE-2025-27171 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Adobe InDesign. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 26.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mandates timely remediation of the heap-based buffer overflow vulnerability in InDesign through application of Adobe's security patches.
Implements memory protections such as DEP and ASLR to prevent arbitrary code execution from heap buffer overflows triggered by malicious files.
Enables vulnerability scanning to identify systems running vulnerable InDesign versions affected by this CVE, facilitating remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The heap buffer overflow enables arbitrary code execution when a user opens a crafted malicious .indd file, directly mapping to exploitation of client software (T1203) and user execution of a malicious file (T1204.002).
NVD Description
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Deeper analysis
CVE-2025-27171 is a heap-based buffer overflow vulnerability (CWE-122, CWE-787) affecting Adobe InDesign Desktop versions ID20.1, ID19.5.2, and earlier. The flaw occurs during file processing and can lead to arbitrary code execution in the context of the current user. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H), indicating high impact with low attack complexity but requiring local access and user interaction.
An attacker can exploit this vulnerability by crafting a malicious file that, when opened by a victim in a vulnerable InDesign version, triggers the buffer overflow and executes arbitrary code with the privileges of the logged-in user. No special privileges are needed (PR:N), but the victim must actively open the file (UI:R), making it suitable for targeted attacks via social engineering, such as phishing emails with malicious InDesign documents (.indd files).
Adobe Security Bulletin APSB25-19, available at https://helpx.adobe.com/security/products/indesign/apsb25-19.html, details the vulnerability and recommends mitigation through applying the latest security updates to affected InDesign versions.
Details
- CWE(s)