CVE-2025-49570

Published Aug 12, 2025

Last updated 7 months ago

CVSS high 7.8

Overview

Description
Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Source
psirt@adobe.com
NVD status
Analyzed
Products
photoshop

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@adobe.com
CWE-787

Social media

Hype score
Not currently trending

  1. 🚨Upozorňujeme na sérii zranitelností v produktech Adobe Commerce, Illustrator, Photoshop, CVE-2025-49557, CVE-2025-49563, CVE-2025-49570. Zranitelnosti umožňují útočníkovi, který přiměje uživatele k otevření speciálně upraveného souboru (např. PSD, AI, 3D mo

    @GOVCERT_CZ

    20 Aug 2025

    403 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. CVE-2025-49570 Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context… https://t.co/bhjSdgLswm

    @CVEnew

    13 Aug 2025

    211 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.CVE-2025-61819
  2. Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.CVE-2025-30325
  3. Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.CVE-2025-30326
  4. Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.CVE-2025-30324
  5. Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.CVE-2025-27198

References

Sources include official advisories and independent security research.