CVE-2023-25859

7.8 HIGH

📋 TL;DR

CVE-2023-25859 is an improper input validation vulnerability in Adobe Illustrator that allows arbitrary code execution when a user opens a malicious file. It affects Illustrator versions 26.5.2 and earlier, and 27.2.0 and earlier. Successful exploitation requires user interaction but gives attackers control of the affected system as the current user.

💻 Affected Systems

Products:
  • Adobe Illustrator
Versions: 26.5.2 and earlier, 27.2.0 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Exploitation requires the user to open a malicious file.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with attacker gaining full control as the current user, enabling data theft, ransomware deployment, or lateral movement.

🟠 Likely Case: Malware installation or data exfiltration through spear-phishing campaigns targeting designers with malicious Illustrator files.

🟢 If Mitigated: No impact if users avoid opening untrusted files and systems are properly patched.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (opening a malicious file). No public exploit code was known at advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 26.5.3 and 27.3.0

Vendor Advisory: https://helpx.adobe.com/security/products/illustrator/apsb23-19.html

Restart Required: Yes

Instructions:

1. Open the Adobe Creative Cloud application.
2. Navigate to the 'Apps' section.
3. Find Illustrator and click 'Update'.
4. Restart Illustrator after the update completes.

🔧 Temporary Workarounds

Disable Illustrator file opening (Windows)

Temporarily block Illustrator from opening files via group policy or application control.

Use application sandboxing (all platforms)

Run Illustrator in a sandboxed environment to limit potential damage.

🧯 If You Can't Patch

  • Implement strict email filtering to block Illustrator files from untrusted sources
  • Train users to never open Illustrator files from unknown or untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check the Illustrator version via Help > About Illustrator. If the version is 26.5.2 or earlier, or 27.2.0 or earlier, the system is vulnerable.

Check Version:

On Windows: wmic product where "name like 'Adobe Illustrator%'" get name,version

Verify Fix Applied:

Verify Illustrator version is 26.5.3 or higher for version 26.x, or 27.3.0 or higher for version 27.x.
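
An added example (not from Adobe or from this page's author) that applies the version thresholds above to an exported software inventory. The CSV columns, the host names and the choice to treat sub-builds such as 26.5.2.1 as unpatched are assumptions.

```python
import csv
import io
import re

# First fixed release per branch, from the "Patch Version" line on this page.
FIXED_26 = (26, 5, 3)
FIXED_27 = (27, 3, 0)

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,illustrator_version
design-01,27.2.0
design-02,27.3.0
design-03,26.5.2.1
design-04,26.5.3
design-05,25.4.8
design-06,27.3
design-07,unknown
"""


def parse_version(text):
    """Parse '27.2', '27.2.0' or '26.5.2.1' into a (major, minor, patch) tuple."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        raise ValueError(f"not a version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple((parts + [0, 0])[:3])  # pad short forms, ignore a 4th field


def classify(version_text):
    """Return 'vulnerable' or 'patched' using the thresholds on this page."""
    version = parse_version(version_text)
    # 27.x and later are compared with 27.3.0; 26.x and older with 26.5.3.
    fixed = FIXED_27 if version[0] >= 27 else FIXED_26
    return "vulnerable" if version < fixed else "patched"


def triage(inventory_csv):
    """Group hosts by status; unreadable versions go to 'unparsed' for follow-up."""
    report = {"vulnerable": [], "patched": [], "unparsed": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            status = classify(row["illustrator_version"])
        except ValueError:
            status = "unparsed"
        report[status].append(row["host"])
    return report


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts)}")
```

Hosts listed as unparsed should be checked by hand through Help > About Illustrator rather than assumed patched.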

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Illustrator crashes
  • Suspicious file opens from email attachments
  • Unusual process spawning from Illustrator

Network Indicators:

  • Outbound connections from Illustrator to unknown IPs
  • DNS requests for suspicious domains after file open

SIEM Query:

source="*illustrator*" AND (event="crash" OR event="file_open") AND file_extension="ai"
