SecuriTricks - CVE-2025-21127

Description

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application.

Product(s) Impacted

Vendor	Product	Versions
Adobe	Photoshop	*
Apple	Macos	-
Microsoft	Windows	-

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	adobe	photoshop	/	/	/	/	/	/	/	/
a	adobe	photoshop	/	/	/	/	/	/	/	/
o	apple	macos	-	/	/	/	/	/	/	/
o	microsoft	windows	-	/	/	/	/	/	/	/

References

https://helpx.adobe.com/security/products/photoshop/apsb25-02.html

CVSS Score

7.8 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: Jan. 14, 2025, 7:15 p.m.
Last Modified: Feb. 11, 2025, 2:55 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@adobe.com

CVE-2025-21127