CVE-2025-61836

7.8 HIGH

📋 TL;DR

Adobe Illustrator on iPad versions 3.0.9 and earlier contain an integer underflow vulnerability that could allow arbitrary code execution when a user opens a malicious file. This affects iPad users running vulnerable versions of Illustrator; exploitation requires user interaction.

💻 Affected Systems

Products:
  • Adobe Illustrator for iPad
Versions: 3.0.9 and earlier
Operating Systems: iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects iPad versions of Illustrator, not desktop versions. Requires user to open a malicious file.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Local privilege escalation leading to unauthorized access to sensitive files, application data, or system resources on the affected iPad.

🟢 If Mitigated: Limited impact with proper application sandboxing and user awareness preventing malicious file execution.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). No public exploit code identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.0 or later

Vendor Advisory: https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-111.html

Restart Required: No

Instructions:

  • Open the App Store on your iPad
  • Tap your profile icon
  • Find Adobe Illustrator in the update list
  • Tap 'Update'
  • Launch Illustrator to verify successful update

🔧 Temporary Workarounds

Disable automatic file opening

Configure iPad to require explicit user confirmation before opening files in Illustrator

Restrict file sources

Only open Illustrator files from trusted sources and avoid downloading files from unknown origins

🧯 If You Can't Patch

  • Discontinue use of Illustrator on iPad until patched
  • Implement mobile device management (MDM) policies to restrict file sharing and app usage

🔍 How to Verify

Check if Vulnerable:

Open Illustrator on iPad, go to Settings > About, and check whether the version is 3.0.9 or earlier

Check Version:

Not applicable - check version through app interface

Verify Fix Applied:

After updating through App Store, verify version shows 3.1.0 or later in Settings > About

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Illustrator crashes
  • Suspicious file opening events
  • Memory access violations in system logs

Network Indicators:

  • Unusual outbound connections from Illustrator app
  • File downloads from untrusted sources

SIEM Query:

Not applicable - primarily local app vulnerability
