CVE-2025-21127

CWE-4273 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 65.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe PhotoshopAdobe Photoshop Desktop
Timeline
PublishedJan 14

Description

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/photoshop_desktop26.1
NVDadobe/photoshop25.025.12.1+1

🔴Vulnerability Details

2
CVEList
Photoshop Desktop | Uncontrolled Search Path Element (CWE-427)2025-01-14
GHSA
GHSA-46hr-24vx-hm3m: Photoshop Desktop versions 252025-01-14
CVE-2025-21127 (HIGH CVSS 7.8) | Photoshop Desktop versions 25.12 | cvebase.io