CVE-2025-30320

5.5 MEDIUM

📋 TL;DR

Adobe InDesign versions ID19.5.2 and earlier, and ID20.2 and earlier, contain a NULL pointer dereference vulnerability that allows an attacker to cause a denial of service by crashing the application. Exploitation requires a user to open a malicious file. This affects users of vulnerable InDesign versions who process untrusted documents.

💻 Affected Systems

Products:
  • Adobe InDesign
Versions: ID19.5.2 and earlier, ID20.2 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete application crash leading to data loss in unsaved work and disruption of publishing workflows.

🟠

Likely Case

Temporary denial-of-service where the application crashes when opening a malicious file, requiring restart and potentially losing unsaved work.

🟢

If Mitigated

No impact if users only open trusted files from verified sources.

🌐 Internet-Facing: LOW - Exploitation requires user interaction with malicious files, not network exposure.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, causing workflow disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (opening malicious file). No authentication bypass needed as user already has file access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ID19.5.3 and ID20.3

Vendor Advisory: https://helpx.adobe.com/security/products/indesign/apsb25-37.html

Restart Required: Yes

Instructions:

1. Open the Adobe Creative Cloud application.
2. Navigate to the 'Apps' tab.
3. Find Adobe InDesign.
4. Click the 'Update' button.
5. Wait for the download and installation to complete.
6. Restart the computer if prompted.

🔧 Temporary Workarounds

Restrict file sources (applies to: all platforms)

Only open InDesign files from trusted sources and verified senders.

Sandbox execution (applies to: all platforms)

Run InDesign in an isolated environment or virtual machine when processing untrusted files.

🧯 If You Can't Patch

  • Implement strict file validation policies - only accept InDesign files from trusted sources
  • Use application whitelisting to prevent execution of malicious files

🔍 How to Verify

Check if Vulnerable:

Check the InDesign version via Help > About InDesign. If the version is ID19.5.2 or earlier, or ID20.2 or earlier, the installation is vulnerable.

Check Version:

On Windows: Check via Creative Cloud app or Help > About InDesign. On macOS: Check via Creative Cloud app or InDesign > About InDesign.

Verify Fix Applied:

Verify that the version is ID19.5.3 or later, or ID20.3 or later, via Help > About InDesign.
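The version test above has to be applied per release branch, since 19.x and 20.x each have their own fixed build. As an added example (not part of the original advisory or Adobe's tooling), the script below parses version strings as shown in About InDesign and classifies them against ID19.5.3 and ID20.3; it assumes that branches older than 19 fall under "and earlier" and that branches newer than 20 shipped with the fix.

```python
"""Classify an installed Adobe InDesign version against the fixed builds for
CVE-2025-30320 (ID19.5.3 / ID20.3). Added example, not Adobe's code."""
import re
import sys
from typing import Tuple

# Lowest fixed build in each affected release branch, taken from the advisory.
FIXED_BY_BRANCH = {19: "ID19.5.3", 20: "ID20.3"}


def parse_version(text: str) -> Tuple[int, ...]:
    """Accept 'ID19.5.2', '20.2' or '20.3.0.123' and return a numeric tuple
    padded to at least three components so '20.3' compares as (20, 3, 0)."""
    match = re.fullmatch(r"\s*(?:ID)?(\d+(?:\.\d+)*)\s*", text)
    if not match:
        raise ValueError(f"unrecognised InDesign version: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_vulnerable(installed: str) -> bool:
    """True when the build predates the fix for its release branch."""
    version = parse_version(installed)
    branch = version[0]
    if branch < min(FIXED_BY_BRANCH):
        # Assumption: older branches fall under the advisory's "and earlier".
        return True
    if branch > max(FIXED_BY_BRANCH):
        # Assumption: branches newer than 20 were released with the fix.
        return False
    return version < parse_version(FIXED_BY_BRANCH[branch])


def verdict(installed: str) -> str:
    """One status line per host, suitable for an inventory or ticket."""
    if not is_vulnerable(installed):
        return f"InDesign {installed}: FIXED"
    fix = FIXED_BY_BRANCH.get(parse_version(installed)[0])
    if fix is None:
        return f"InDesign {installed}: VULNERABLE, branch has no fixed build"
    return f"InDesign {installed}: VULNERABLE, update to {fix} or later"


if __name__ == "__main__":
    # Usage: python check_indesign.py ID19.5.2 20.3  (constructed sample input)
    for arg in sys.argv[1:] or ["ID19.5.2", "ID20.3"]:
        print(verdict(arg))
```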

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs showing an access-violation fault (exception code 0xc0000005 on Windows) consistent with a NULL pointer dereference
  • Unexpected InDesign termination events

Network Indicators:

  • No network indicators - exploitation is file-based

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="indesign.exe" AND ExceptionCode=0xc0000005

The parentheses matter: without them AND binds tighter than OR and EventID=1000 events would match regardless of process or exception code. Field names and case sensitivity of the process name vary by SIEM, so adapt them to your schema.
