CVE-2025-30305: XMPWorker | Out-of-bounds Read (CWE-125)
First published: Tue Apr 08 2025(Updated: )
XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe XMP Toolkit SDK | <2023.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-30305?
CVE-2025-30305 has a high severity due to its potential for sensitive memory disclosure.
How do I fix CVE-2025-30305?
To mitigate CVE-2025-30305, upgrade to XMP Toolkit version 2023.13 or later.
What types of systems are affected by CVE-2025-30305?
CVE-2025-30305 affects Adobe XMP Toolkit versions 2023.12 and earlier.
What are the potential consequences of exploiting CVE-2025-30305?
Exploitation of CVE-2025-30305 could allow an attacker to bypass ASLR protections and disclose sensitive information.
Does CVE-2025-30305 require user interaction for exploitation?
Yes, exploitation of CVE-2025-30305 requires user interaction to successfully execute.
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/source
- agent/severity
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe xmp toolkit sdk