CVE-2025-21124: InDesign Desktop | Out-of-bounds Read (CWE-125)
First published: Tue Feb 11 2025(Updated: )
InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe InDesign | =20.0<19.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-21124?
CVE-2025-21124 is considered a high-severity vulnerability due to its potential to disclose sensitive memory.
How do I fix CVE-2025-21124?
To mitigate CVE-2025-21124, users should update Adobe InDesign Desktop to the latest version available from the vendor.
What versions of Adobe InDesign are affected by CVE-2025-21124?
CVE-2025-21124 affects Adobe InDesign Desktop versions 20.0 and 19.5.1 and earlier.
Can CVE-2025-21124 be exploited remotely?
Exploitation of CVE-2025-21124 requires user interaction, making it less likely to be exploited remotely.
What type of vulnerability is CVE-2025-21124?
CVE-2025-21124 is an out-of-bounds read vulnerability that allows potential disclosure of sensitive memory.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/adobe
- canonical/adobe indesign