Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-27167

Опубликовано: 11 мар. 2025
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*
Версия от 28.0 (включая) до 28.7.5 (исключая)
cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*
Версия от 29.0 (включая) до 29.3 (исключая)

Одно из

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 15%
0.00048
Низкий

7.8 High

CVSS3

Дефекты

CWE-426

Связанные уязвимости

github логотип

GHSA-3cw8-r66w-2976

CVSS3: 7.8
github
11 месяцев назад

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.

fstec логотип

BDU:2025-03243

CVSS3: 7.8
fstec
11 месяцев назад

Уязвимость графического редактора Adobe Illustrator, связанная с использованием ненадёжного пути поиска, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 15%
0.00048
Низкий

7.8 High

CVSS3

Дефекты

CWE-426