CVE-2025-21124

Summary

CVE-2025-21124 is a newly disclosed out-of-bounds read vulnerability affecting Adobe InDesign Desktop versions ID20.0, ID19.5.1, and older. This issue allows malicious data to read beyond designated memory boundaries, potentially exposing sensitive information. An attacker could exploit this vulnerability by creating a specially crafted file that, when opened by a victim, triggers the out-of-bounds read. This exploit could bypass Address Space Layout Randomization (ASLR), making the attack more effective. Users are advised to update their InDesign software as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.