CVE-2025-27184: After Effects | Out-of-bounds Read (CWE-125)
First published: Tue Apr 08 2025(Updated: )
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe After Effects 2025 | <24.6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-27184?
CVE-2025-27184 is classified as a critical vulnerability due to its potential to disclose sensitive memory.
How do I fix CVE-2025-27184?
To fix CVE-2025-27184, update Adobe After Effects to version 25.1 or later, or ensure you are using version 24.6.5 or newer.
What versions of Adobe After Effects are affected by CVE-2025-27184?
CVE-2025-27184 affects Adobe After Effects versions 25.1, 24.6.4, and earlier.
What are the risks associated with CVE-2025-27184?
The risks associated with CVE-2025-27184 include potential disclosure of sensitive memory data and the ability to bypass security mitigations like ASLR.
Is user interaction needed for the exploitation of CVE-2025-27184?
Yes, exploitation of CVE-2025-27184 requires user interaction.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/last-modified-date
- agent/severity
- agent/source
- agent/tags
- agent/event
- vendor/adobe
- canonical/adobe after effects 2025