CVE-2025-30320
InDesign Desktop | NULL Pointer Dereference (CWE-476)
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
13 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
Adobe · InDesign Desktop