CVE-2025-54270
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-17
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | animate | From 23.0.0 (inc) to 23.0.15 (exc) |
| adobe | animate | From 24.0.0 (inc) to 24.0.12 (exc) |
| apple | macos | * |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL Pointer Dereference in Animate versions 23.0.13, 24.0.10 and earlier. It can cause memory exposure, allowing an attacker to disclose sensitive memory information if a victim opens a malicious file.
How can this vulnerability impact me? :
The vulnerability can lead to the disclosure of sensitive memory information, potentially exposing confidential data. Exploitation requires user interaction, specifically opening a malicious file.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that you do not open malicious files from untrusted sources. Update Animate to a version later than 23.0.13 or 24.0.10 as these versions are affected. Avoid user interaction with suspicious files to prevent exploitation.