CVE-2025-27198
📋 TL;DR
A heap-based buffer overflow vulnerability in Adobe Photoshop allows attackers to execute arbitrary code when a user opens a malicious file. This affects Photoshop Desktop users running vulnerable versions, potentially compromising their systems. The vulnerability requires user interaction through file opening.
💻 Affected Systems
- Adobe Photoshop Desktop
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the current user, leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local code execution allowing malware installation, credential harvesting, or persistence mechanisms on the affected workstation.
If Mitigated
Limited impact with proper application sandboxing, least privilege user accounts, and file validation controls in place.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to Photoshop 25.12.2 or 26.4.2
Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb25-30.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application
2. Navigate to 'Apps' section
3. Find Photoshop in your installed apps
4. Click 'Update' button next to Photoshop
5. Wait for download and installation to complete
6. Restart Photoshop when prompted
🔧 Temporary Workarounds
Restrict Photoshop file types
Platform: all
Configure system or application to only allow trusted Photoshop file formats and block potentially malicious extensions.
Run Photoshop with reduced privileges
Platform: windows
Configure Photoshop to run with limited user permissions rather than administrative rights.
🧯 If You Can't Patch
- Implement application control to restrict Photoshop from executing unknown code
- Deploy endpoint detection and response (EDR) to monitor for suspicious Photoshop process behavior
🔍 How to Verify
Check if Vulnerable:
Check Photoshop version in Help > About Photoshop. If version is 25.12.1 or earlier, or 26.4.1 or earlier, the system is vulnerable.
Check Version:
On Windows: Check Photoshop version in Help > About Photoshop. On macOS: Photoshop > About Photoshop.
Verify Fix Applied:
Verify Photoshop version is 25.12.2 or higher for version 25.x, or 26.4.2 or higher for version 26.x.
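Added example, not part of the original page or any Adobe tooling: a Python triage of collected Photoshop version strings against the fixed releases listed above, using numeric comparison so that 25.9 is not mistaken for being newer than 25.12. The host names and inventory are constructed, and reporting branches newer than 26.x as "unknown" is an assumption, since the page does not cover them.

```python
import re

# Fixed release per major branch, taken from the advisory text above.
FIXED = {25: (25, 12, 2), 26: (26, 4, 2)}

def parse_version(text):
    """Return (major, minor, patch) from e.g. '26.4.1' or '25.12.2.149', else None."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        return None
    # A missing patch component ('26.4') is treated as 0.
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one reported version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"              # unparseable: needs a manual check
    major = version[0]
    if major < 25:
        return "vulnerable"           # the page lists "25.12.1 or earlier"
    if major in FIXED:
        # Tuple comparison is numeric per component, unlike string comparison.
        return "fixed" if version >= FIXED[major] else "vulnerable"
    return "unknown"                  # assumption: newer branches are not covered

def triage(inventory):
    """Group host names by status; inventory maps host -> version string."""
    result = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in inventory.items():
        result[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "ws-01": "26.4.1",
    "ws-02": "26.4.2",
    "ws-03": "25.9.0",        # a string compare would wrongly rank this above 25.12.2
    "ws-04": "25.12.2.149",
    "ws-05": "26.10.0",       # a string compare would wrongly rank this below 26.4.2
    "ws-06": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" still need the manual Help > About Photoshop check described above.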
📡 Detection & Monitoring
Log Indicators:
- Unusual Photoshop process spawning child processes
- Photoshop crashes with memory access violations
- Photoshop opening files from unusual locations
Network Indicators:
- Photoshop process making unexpected network connections after file open
SIEM Query:
process_name:photoshop.exe AND (child_process_count > 3 OR memory_usage_anomaly = true)