Adobe InDesign
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe InDesign.
Recent Adobe InDesign Security Advisories
| Advisory | Title | Published |
|---|---|---|
| APSB25-106 | Security Update Available for Adobe InDesign | APSB25-106 | November 11, 2025 |
| APSB25-79 | Security Update Available for Adobe InDesign | APSB25-79 | August 12, 2025 |
| APSB25-60 | Security Update Available for Adobe InDesign | APSB25-60 | July 8, 2025 |
| APSB25-53 | Security Update Available for Adobe InDesign | APSB25-53 | June 10, 2025 |
| APSB25-37 | Security Update Available for Adobe InDesign | APSB25-37 | May 13, 2025 |
| APSB25-19 | Security Update Available for Adobe InDesign | APSB25-19 | March 11, 2025 |
| APSB25-01 | Security Update Available for Adobe InDesign | APSB25-01 | February 11, 2025 |
| APSB24-97 | Security Update Available for Adobe InDesign | APSB24-97 | December 10, 2024 |
| APSB24-91 | Security Update Available for Adobe InDesign | APSB24-91 | November 21, 2024 |
| APSB24-88 | Security Update Available for Adobe InDesign | APSB24-88 | November 12, 2024 |
By the Year
In 2025 there have been 52 vulnerabilities in Adobe InDesign with an average score of 7.2 out of ten. Last year, in 2024 InDesign had 45 security vulnerabilities published. That is, 7 more vulnerabilities have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.56.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 52 | 7.18 |
| 2024 | 45 | 6.62 |
| 2023 | 2 | 5.50 |
It may take a day or so for new InDesign vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe InDesign Security Vulnerabilities
Adobe InDesign Desktop Use-After-Free (UAF) before 20.5
CVE-2025-61815
7.8 - High
- November 11, 2025
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign UAF Vulnerability (20.5/19.5.5)
CVE-2025-61814
7.8 - High
- November 11, 2025
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign Desktop 20.5/19.5.5 & Earlier: Heap Buffer Overflow
CVE-2025-61824
7.8 - High
- November 11, 2025
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Heap Overflow in Adobe InDesign Desktop (20.5) Arbitrary Exec
CVE-2025-61832
7.8 - High
- November 11, 2025
InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
InDesign Desktop before 20.4 UAF
CVE-2025-54224
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign OOB Write v20.4 and earlier
CVE-2025-54206
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign RCE via Uninitialized Pointer (v20.4, v19.5.4 and prior)
CVE-2025-54207
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
RCE via OOB Write in Adobe InDesign <20.5
CVE-2025-54208
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop Heap Buffer Overflow v20.4/19.5.4 and earlier
CVE-2025-54209
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign OOB Write in Desktop 20.4/19.5.4 (before 20.4)
CVE-2025-54210
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign Heap BF in versions <20.4
CVE-2025-54211
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign 20.4 Heap Buffer Overflow (malicious file)
CVE-2025-54212
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobes InDesign Out-of-Bounds Write (20.4/19.5.4)
CVE-2025-54213
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop UAF in versions <=20.4, 19.5.4 & earlier
CVE-2025-54225
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign Desktop UAF in 20.4/19.5.4
CVE-2025-54226
7.8 - High
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign OOB Read (CVE-2025-54214) – Desktop <20.4
CVE-2025-54214
5.5 - Medium
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
InDesign OOB Read (CVE-2025-54227) Mem Disclosure v<=20.4
CVE-2025-54227
5.5 - Medium
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe InDesign 20.4 OOB Read Disclosure
CVE-2025-54228
5.5 - Medium
- August 12, 2025
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Integer Underflow <19.5.3 causing code exec in Adobe InDesign Desktop
CVE-2025-47136
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Adobe InDesign Desktop <=19.5.3 Heap Overflow: Arbitrary Code Execution
CVE-2025-43591
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign Desktop <19.5.3 Vulnerability: Access of Uninitialized Pointer
CVE-2025-43592
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
InDesign Desktop Heap-based Overflow 19.5.3 and earlier
CVE-2025-47103
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign 19.5.3 Heap Buffer Overflow (CVE-2025-47134)
CVE-2025-47134
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
Adobe InDesign Desktop OOB Write in 19.5.3 or earlier for arbitrary code exec
CVE-2025-43594
7.8 - High
- July 08, 2025
InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign Desktop <20.2 UAF in File Parser bypassing ASLR
CVE-2025-47106
5.5 - Medium
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign Desktop <=20.2 OOB Read Exposes Memory & Might Bypass ASLR
CVE-2025-47105
5.5 - Medium
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe InDesign Desktop OOB Read CVE-2025-47104 (ID20.2 and earlier)
CVE-2025-47104
5.5 - Medium
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe InDesign Desktop OOB Write CVE-2025-43593 Before 20.2
CVE-2025-43593
7.8 - High
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign <20.2 OOB Write Allows Arbitrary Exec
CVE-2025-43590
7.8 - High
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign <=20.2 Use-After-Free Yields Arbitrary Code Exec
CVE-2025-43589
7.8 - High
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe InDesign OOB Write vID20.2–ID19.5.3 – Arbitrary Code Exec
CVE-2025-43558
7.8 - High
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign Desktop <=20.2 NULL Pointer Deref
CVE-2025-30321
5.5 - Medium
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe InDesign Desktop <=20.2 Heap Buffer Overflow / Arbitrary Code Exec
CVE-2025-30317
7.8 - High
- June 10, 2025
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Heap-based Buffer Overflow
InDesign Desktop NULL Pointer Deref before ID20.2 Causes DoS
CVE-2025-30320
5.5 - Medium
- May 13, 2025
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
InDesign Desktop OOB Write (ID19.5.2/ID20.2-) CVE-2025-30318
CVE-2025-30318
7.8 - High
- May 13, 2025
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign <=20.2 NULL Pointer Deref -> Application DoS
CVE-2025-30319
5.5 - Medium
- May 13, 2025
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe InDesign Desktop NPD Vulnerability ID20.1 & Earlier
CVE-2025-27179
5.5 - Medium
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe InDesign NULL Pointer Dereference (ID20.1/earlier)
CVE-2025-27176
5.5 - Medium
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
InDesign Desktop OOB Write CVE-2025-27178 < ID20.1
CVE-2025-27178
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop Heap Overflow ID20.1/ID19.5.2 (CVE-2025-27177)
CVE-2025-27177
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop OOBW (Arbitrary Exec) ID20.1+
CVE-2025-27175
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign Desktop ID20.1 Heap Buffer Overflow CVE-2025-27171
CVE-2025-27171
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop OOB Write CVE-2025-27166 (Before v20.1)
CVE-2025-27166
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Heap Overflow in Adobe InDesign 20.1 (CVE-2025-24453)
CVE-2025-24453
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign Desktop OOB Write CVE-2025-24452 (ID19.5.2 ID20.1)
CVE-2025-24452
7.8 - High
- March 11, 2025
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign Desktop OOB Read ID20.0 Exploit via File
CVE-2025-21124
5.5 - Medium
- February 11, 2025
InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe InDesign Improper Input Validation in UI leads to DoS (before ID20.0)
CVE-2025-21126
5.5 - Medium
- February 11, 2025
InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service condition. An attacker could exploit this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Improper Input Validation
Adobe InDesign Desktop NULL Deref DoS (ID20.0+)
CVE-2025-21125
5.5 - Medium
- February 11, 2025
InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe InDesign <=20.0: Heap B.O.F. via Malicious File
CVE-2025-21123
7.8 - High
- February 11, 2025
InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe InDesign Desktop <20.0 OOB Write in File Parser
CVE-2025-21121
7.8 - High
- February 11, 2025
InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe InDesign or by Adobe? Click the Watch button to subscribe.
