CVE-2025-21134

7.8 HIGH

📋 TL;DR

Adobe Illustrator on iPad versions 3.0.7 and earlier contains an integer underflow vulnerability that could allow arbitrary code execution when a user opens a malicious file. This affects iPad users running vulnerable versions of the Illustrator app.

💻 Affected Systems

Products:
  • Adobe Illustrator for iPad
Versions: 3.0.7 and earlier
Operating Systems: iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects iPad versions of Illustrator, not desktop versions. Requires user to open a malicious file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or persistent access.

🟠 Likely Case

Local privilege escalation allowing attackers to execute malicious code, access sensitive files, or install additional malware on the affected iPad.

🟢 If Mitigated

Limited impact with proper application sandboxing and user awareness preventing malicious file execution.

🌐 Internet-Facing: LOW - Exploitation requires local file access and user interaction, not directly exposed to internet attacks.
🏢 Internal Only: MEDIUM - Risk exists within organizations where users might receive malicious files via email, messaging, or file sharing.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of the integer underflow condition. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.8 or later

Vendor Advisory: https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-04.html

Restart Required: No

Instructions:

1. Open the App Store on your iPad.
2. Tap your profile icon.
3. Scroll to find Adobe Illustrator.
4. Tap 'Update' if available.
5. Alternatively, uninstall and reinstall to get the latest version.

🔧 Temporary Workarounds

Avoid opening untrusted files

Do not open Illustrator files from unknown or untrusted sources.

🧯 If You Can't Patch

  • Restrict file opening to trusted sources only
  • Use mobile device management (MDM) to block Illustrator app if necessary

🔍 How to Verify

Check if Vulnerable:

Check Illustrator version in app settings or App Store update history.

Check Version:

Open Illustrator → Settings → About → Check version number

Verify Fix Applied:

Confirm Illustrator version is 3.0.8 or higher in app settings.

📡 Detection & Monitoring

Log Indicators:

  • App crash logs from Illustrator, unusual file access patterns

Network Indicators:

  • Unusual outbound connections from iPad after opening Illustrator files

SIEM Query:

Illustrator app crash events OR suspicious file opens from untrusted sources
