CVE Alert: CVE-2025-61818 – Adobe – InCopy
CVE-2025-61818
HIGHNo exploitation known
InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS v3.1 (7.8)
AV LOCAL · AC LOW · PR NONE · UI REQUIRED · S UNCHANGED
Vendor
Adobe
Product
InCopy
Versions
0 lte 19.5.5
CWE
CWE-416, Use After Free (CWE-416)
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published
2025-11-11T17:06:13.261Z
Updated
2025-11-11T17:06:13.261Z
AI Summary Analysis
Risk verdict
Why this matters
Most likely attack path
Who is most exposed
Detection ideas
- Crashes or crash dumps triggered by opening specific files.
- Memory corruption or heap-related errors in the application process.
- Unusual CPU/memory spikes immediately after file opens.
- Anomalous file open events from trusted shares or email attachments.
- EDR alerts for exploit-like patterns or abnormal heap activity.
Mitigation and prioritisation
- Apply the vendor patch to the latest supported version as soon as released.
- Enable application sandboxing, memory protection, and strict app controls; restrict opening of untrusted files.
- Improve email/file-trust controls and enforce robust phishing defenses; restrict off-network file sharing where feasible.
- Test patches in a staging environment before broad rollout; implement phased deployment.
- Treat as priority 1 if KEV is true or EPSS ≥ 0.5; otherwise proceed as high priority.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
AI APIs OSINT driven New features
