CVE-2025-21134

High

Published: 14 January 2025

Published

14 January 2025

Modified

09 September 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0017 37.9th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Security Summary

CVE-2025-21134 is an Integer Underflow (Wrap or Wraparound) vulnerability, classified as CWE-191, affecting Adobe Illustrator on iPad versions 3.0.7 and earlier. The flaw resides in the application and could result in arbitrary code execution in the context of the current user.

Exploitation requires local access with low complexity and no privileges, but user interaction is necessary as a victim must open a malicious file. An attacker can craft such a file to trick the user into opening it, achieving high impacts on confidentiality, integrity, and availability, as reflected in the CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Adobe Security Bulletin APSB25-04 provides details on mitigation, available at https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-04.html. The bulletin was published on 2025-01-14.

Details

CWE(s): CWE-191

Affected Products

adobe

illustrator on ipad

≤ 3.0.8

References

https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-04.html
Vendor Advisory · psirt@adobe.com