216.73.217.64

CVE-2025-21127

· Published 14/01/2025 19:15 · Modified 11/02/2025 14:55

Labels: CVE-2025-21127 2025-01-14CVE-2025-21127CWE-427[email protected]

Essential information

Published
14/01/2025 19:15
Modified
11/02/2025 14:55
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
adobe / photoshop cpe:2.3:a:adobe:photoshop:*:*:*:*:*:*:*:*
adobe / photoshop cpe:2.3:a:adobe:photoshop:*:*:*:*:*:*:*:*
apple / macos cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
microsoft / windows cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References