CVE-2025-54240

CWE-125Out-of-bounds Read4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 93.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe After Effects
Timeline
PublishedSep 9

Description

After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDadobe/after_effects25.025.4+1
CVEListV5adobe/after_effects24.6.7

🔴Vulnerability Details

2
CVEList
After Effects | Out-of-bounds Read (CWE-125)2025-09-09
GHSA
GHSA-5fm7-cgv8-w4v8: After Effects versions 252025-09-09
CVE-2025-54240 (MEDIUM CVSS 5.5) | After Effects versions 25.3 | cvebase.io