Photoshop Desktop Unctrl Search Path Vuln CVE-2025-21127 (pre 27.0)
CVE-2025-21127 Published on January 14, 2025
Photoshop Desktop | Uncontrolled Search Path Element (CWE-427)
Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application.
Vulnerability Analysis
CVE-2025-21127 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a DLL preloading Vulnerability?
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2025-21127 has been classified to as a DLL preloading vulnerability or weakness.
Products Associated with CVE-2025-21127
Want to know whenever a new CVE is published for Adobe Photoshop? stack.watch will email you.
Affected Versions
Adobe Photoshop Desktop:- Before and including 26.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.