CVE-2025-21133

7.8 HIGH

📋 TL;DR

Adobe Illustrator for iPad versions 3.0.7 and earlier contain an integer underflow vulnerability that could allow arbitrary code execution when a user opens a malicious file. Exploitation requires user interaction: the victim must open the crafted file on an iPad running a vulnerable version of Illustrator.

💻 Affected Systems

Products:
  • Adobe Illustrator for iPad
Versions: 3.0.7 and earlier
Operating Systems: iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects iPad versions of Illustrator; desktop versions are not impacted. Requires user to open a malicious file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with the attacker gaining full control of the iPad in the context of the logged-in user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive files, applications, and user data stored on the device.

🟢 If Mitigated

No impact if users avoid opening untrusted files and keep the software updated.

🌐 Internet-Facing: LOW - Exploitation requires local file access and user interaction, not directly reachable via network.
🏢 Internal Only: MEDIUM - Risk exists if users within an organization open malicious files from internal sources like email attachments or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a malicious file and convincing the user to open it. No public exploits are known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.8 or later

Vendor Advisory: https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-04.html

Restart Required: No

Instructions:

1. Open the App Store on your iPad.
2. Tap your profile icon.
3. Scroll to find Adobe Illustrator.
4. Tap 'Update' if available.
5. Alternatively, open Illustrator and check for in-app updates.

🔧 Temporary Workarounds

Avoid opening untrusted files (applies to: all)

Do not open Illustrator files from unknown or untrusted sources, including email attachments and downloads.

🧯 If You Can't Patch

  • Restrict Illustrator usage to trusted files only through policy or user training.
  • Implement application whitelisting to prevent execution of malicious payloads if exploitation occurs.

🔍 How to Verify

Check if Vulnerable:

Open Illustrator on iPad, go to Settings > About, and check if version is 3.0.7 or earlier.

Check Version:

Not applicable - check via app interface on iPad.

Verify Fix Applied:

Confirm Illustrator version is 3.0.8 or later in Settings > About.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Illustrator crash logs
  • File access from unexpected sources

Network Indicators:

  • None - exploitation is local file-based

SIEM Query:

Not applicable due to local file-based nature; monitor for Illustrator crashes or suspicious file opens.
