CVE-2025-61828

7.8 HIGH

📋 TL;DR

Adobe Illustrator on iPad versions 3.0.9 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code when a user opens a malicious file. This affects iPad users running vulnerable Illustrator versions and requires user interaction to exploit.

💻 Affected Systems

Products:
  • Adobe Illustrator for iPad
Versions: 3.0.9 and earlier
Operating Systems: iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects iPad versions of Illustrator, not desktop versions. Requires user to open a malicious file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or persistent access.

🟠 Likely Case

Local privilege escalation leading to data exfiltration or malware installation on the affected iPad.

🟢 If Mitigated

No impact if users avoid opening untrusted files and have updated to patched versions.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.0 or later

Vendor Advisory: https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-111.html

Restart Required: Yes

Instructions:

Open App Store on iPad
Tap your profile icon
Find Adobe Illustrator in update list
Tap 'Update'
Restart iPad after installation completes

🔧 Temporary Workarounds

Disable automatic file opening

Configure iPad to require manual confirmation before opening files in Illustrator

Restrict file sources

Only open Illustrator files from trusted sources and avoid downloading files from unknown websites or emails

🧯 If You Can't Patch

  • Discontinue use of Illustrator on iPad until patch can be applied
  • Use alternative vector graphics software on iPad

🔍 How to Verify

Check if Vulnerable:

Open Illustrator on iPad, go to Settings > About, check if version is 3.0.9 or earlier

Check Version:

Not applicable - check via iPad app interface

Verify Fix Applied:

Verify Illustrator version is 3.1.0 or later in Settings > About

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Illustrator crashes
  • Files with unusual extensions being opened in Illustrator
  • Memory access violations in system logs

Network Indicators:

  • Unusual outbound connections from iPad after opening Illustrator files

SIEM Query:

Not applicable - mobile device logs typically not in enterprise SIEM
