CVE-2025-21133

High

Published: 14 January 2025

Published

14 January 2025

Modified

09 September 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0017 37.9th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Security Summary

CVE-2025-21133 is an Integer Underflow (Wrap or Wraparound) vulnerability, classified under CWE-191, affecting Adobe Illustrator on iPad in versions 3.0.7 and earlier. This flaw could lead to arbitrary code execution in the context of the current user. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

Exploitation requires local access and user interaction, specifically tricking a victim into opening a malicious file. No special privileges are needed (PR:N), and the attack complexity is low (AC:L). A successful exploit would allow an attacker to execute arbitrary code with the privileges of the user running the application, potentially compromising the affected iPad device.

Adobe has published security bulletin APSB25-04, available at https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-04.html, which provides details on the vulnerability and recommended mitigations for Illustrator on iOS. Security practitioners should consult this advisory for patch information and update guidance.

Details

CWE(s): CWE-191

Affected Products

adobe

illustrator on ipad

≤ 3.0.8

References

https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-04.html
Vendor Advisory · psirt@adobe.com