Bulletin ID
Last updated on
Apr 8, 2025
Security Updates Available for Adobe FrameMaker | APSB25-33
|
|
Date Published |
Priority |
|---|---|---|
|
APSB25-33 |
April 8, 2025 |
3 |
Summary
Adobe has released a security update for Adobe FrameMaker. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak and application denial-of-service.
Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
Affected Versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe FrameMaker |
2020 Release Update 7 and earlier |
Windows |
|
Adobe FrameMaker |
2022 Release Update 5 and earlier |
Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
|---|---|---|---|---|---|
|
Out-of-bounds Write (CWE-787) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2025-30304 |
|
Heap-based Buffer Overflow (CWE-122) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2025-30295 |
|
Integer Underflow (Wrap or Wraparound) (CWE-191) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2025-30296 |
|
Out-of-bounds Write (CWE-787) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2025-30297 |
|
Stack-based Buffer Overflow (CWE-121) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2025-30298 |
|
Heap-based Buffer Overflow (CWE-122) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2025-30299 |
|
NULL Pointer Dereference (CWE-476) |
Application denial-of-service |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
CVE-2025-30300 |
|
NULL Pointer Dereference (CWE-476) |
Application denial-of-service |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
CVE-2025-30301 |
|
Out-of-bounds Read (CWE-125) |
Memory leak |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVE-2025-30302 |
|
Out-of-bounds Read (CWE-125) |
Memory leak |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVE-2025-30303 |
Acknowledgments
Adobe would like to thank the following Initiative for reporting the relevant issues and for working with Adobe to help protect our customers:
- Francis Provencher (prl)-- CVE-2025-30298, CVE-2025-30299, CVE-2025-30300, CVE-2025-30301, CVE-2025-30302, CVE-2025-30303, CVE-2025-30304
- yjdfy - CVE-2025-30295, CVE-2025-30296, CVE-2025-30297
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com
