CVE-2025-21162 – Photoshop Elements 2025.0 and earlier versions ... (How to Fix)

Q: What is the severity of CVE-2025-21162?

CVE-2025-21162 has a CVSS score of 5.5 (MEDIUM). Photoshop Elements 2025.0 and earlier versions contain a vulnerability where temporary files are created with insecure permissions, allowing local privilege escalation. Attackers could exploit this by tricking users into opening malicious files, potentially gaining elevated privileges on the affected system. This affects all users running vulnerable versions of Photoshop Elements.

📋 TL;DR

Photoshop Elements 2025.0 and earlier versions contain a vulnerability where temporary files are created with insecure permissions, allowing local privilege escalation. Attackers could exploit this by tricking users into opening malicious files, potentially gaining elevated privileges on the affected system. This affects all users running vulnerable versions of Photoshop Elements.

💻 Affected Systems

Products:

Adobe Photoshop Elements

Versions: 2025.0 and earlier

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations of affected versions are vulnerable. Requires user interaction to open malicious files.

📦 What is this software?

Photoshop Elements by Adobe

View all CVEs affecting Photoshop Elements →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of the current user account, allowing attackers to install malware, steal sensitive data, or pivot to other systems.

🟠

Likely Case

Limited privilege escalation within the user's context, potentially allowing access to restricted files or system resources.

🟢

If Mitigated

No impact if users avoid opening untrusted files and proper file permissions are enforced.

🌐 Internet-Facing: LOW - Requires local access or user interaction with malicious files.

🏢 Internal Only: MEDIUM - Insider threats or compromised internal accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of local file system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.1 or later

Vendor Advisory: https://helpx.adobe.com/security/products/photoshop_elements/apsb25-13.html

Restart Required: Yes

Instructions:

1. Open Photoshop Elements. 2. Go to Help > Updates. 3. Install available updates. 4. Restart the application.

🔧 Temporary Workarounds

Restrict file permissions

windows

Set stricter permissions on temporary directories used by Photoshop Elements

icacls "%TEMP%\Adobe" /inheritance:r /grant:r "%USERNAME%:(OI)(CI)F" /T

🧯 If You Can't Patch

Restrict user permissions to limit potential damage from privilege escalation
Implement application whitelisting to prevent execution of unauthorized files

🔍 How to Verify

Check if Vulnerable:

Check Photoshop Elements version in Help > About Photoshop Elements

Check Version:

On Windows: reg query "HKLM\SOFTWARE\Adobe\Photoshop Elements\2025" /v Version

Verify Fix Applied:

Verify version is 2025.1 or later after applying updates

📡 Detection & Monitoring

Log Indicators:

Unusual file creation in temporary directories
Photoshop Elements process spawning unexpected child processes

Network Indicators:

No network indicators - local vulnerability only

SIEM Query:

EventID=4688 AND ParentImage="*PhotoshopElements.exe" AND CommandLine="*temp*"

📊 Metadata

CVE ID: CVE-2025-21162

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE: CWE-379

EPSS Score: 0.04% exploit probability (12.6th percentile)

Published: February 11, 2025

Last Updated: July 25, 2025

🔗 References

https://helpx.adobe.com/security/products/photoshop_elements/apsb25-13.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21162, you might also want to check these: