CVE-2025-64896
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-12
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | creative_cloud | to 6.8.0.821 (inc) |
| adobe | creative_cloud_desktop | 6.4.0.361 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-379 | The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Creative Cloud Desktop versions 6.4.0.361 and earlier, where temporary files are created in directories with incorrect permissions. An attacker can exploit this by manipulating these temporary files, which requires the victim to open a malicious file. This manipulation can cause the application to deny service, disrupting its normal functionality.
How can this vulnerability impact me? :
The vulnerability can lead to an application denial-of-service, meaning the affected Creative Cloud Desktop application could stop functioning properly or become unavailable. This disruption can affect productivity and access to the application until the issue is resolved.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Creative Cloud Desktop to a version later than 6.4.0.361. Avoid opening untrusted or suspicious files to prevent exploitation that requires user interaction.