CVE Alert: CVE-2025-61817 – Adobe – InCopy
CVE-2025-61817
InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AI Summary Analysis
Risk verdict
High risk of arbitrary code execution in the current user context if a crafted file is opened; exploitation requires user interaction and local access.
Why this matters
Attacker goals could include data theft, credential exposure, or malware execution within the user’s session, with potential lateral movement if the user has broader access. The impact spans confidentiality, integrity, and availability, particularly in publishing/design environments where InCopy is tied to connected workflows and document production.
Most likely attack path
An attacker ships a malicious InCopy file; the user opens it and triggers a Use After Free condition, resulting in code execution under the user’s permissions. The vulnerability is local, with low attack complexity and required UI interaction, making targeted phishing-style document delivery or compromised file exchanges plausible. Without elevated privileges, exploitation may remain within the current session, though higher-privilege users could still enable wider impact.
Who is most exposed
Organizations with design/publishing pipelines using InCopy on Windows or macOS, including studios, marketing departments, and contractors who exchange editable files or work with linked InCopy/InDesign workflows.
Detection ideas
- Crashes or hangs of InCopy after opening suspected files
- Unusual memory errors or heap-related crash dumps
- Rapid process spawning or suspicious child processes tied to InCopy
- Evidence of opened files from untrusted sources or attachments
- Timing anomalies that align with document delivery events
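As an added illustration of the detection ideas above (example code written for this page, not from the original alert or from Adobe), the following Python rules flag InCopy memory-corruption crashes and unexpected InCopy child processes, and correlate the two when they occur close together. The flattened "timestamp key=value" format, field names and sample events are constructed assumptions of a hypothetical log collector.

```python
import re
from datetime import datetime
# Constructed sample events (not from the page): Windows Application-log crash records
# (Event ID 1000) and Sysmon process-creation records (Event ID 1), flattened by a
# hypothetical collector to "timestamp key=value ...".
SAMPLE_LOGS = [
    "2025-10-14T09:12:01 EventID=1000 FaultingApp=InCopy.exe ExceptionCode=0xc0000374 FaultingModule=ntdll.dll",
    "2025-10-14T09:12:05 EventID=1 Image=C:\\Windows\\System32\\cmd.exe ParentImage=C:\\Program Files\\Adobe\\Adobe InCopy 2025\\InCopy.exe",
    "2025-10-14T10:30:00 EventID=1 Image=C:\\Program Files\\Adobe\\Adobe InCopy 2025\\InCopy.exe ParentImage=C:\\Windows\\explorer.exe",
    "2025-10-14T11:05:00 EventID=1000 FaultingApp=InCopy.exe ExceptionCode=0xc0000005 FaultingModule=InCopy.exe",
]
MEMORY_CORRUPTION_CODES = {"0xc0000374", "0xc0000005"}  # NTSTATUS heap corruption, access violation
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")  # values may contain spaces; stop before next " key="

def parse_line(line):
    """Split a flattened event into a dict of fields plus a parsed 'ts' datetime."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    fields["ts"] = datetime.fromisoformat(ts)
    return fields

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(fields):
    """Label one event, or return None when it matches no InCopy rule."""
    if fields.get("EventID") == "1000" and basename(fields.get("FaultingApp", "")) == "incopy.exe":
        return "incopy_memory_corruption_crash" if fields.get("ExceptionCode", "").lower() in MEMORY_CORRUPTION_CODES else "incopy_crash"
    if fields.get("EventID") == "1" and basename(fields.get("ParentImage", "")) == "incopy.exe":
        if basename(fields.get("Image", "")) in SUSPICIOUS_CHILDREN:
            return "incopy_suspicious_child"
    return None

def detect(lines, window_seconds=300):
    """Return (timestamp, label) findings in input order; an InCopy crash and a suspicious
    child process within window_seconds of each other also yield a correlated finding."""
    findings, last = [], {"crash": None, "child": None}
    for fields in (parse_line(line) for line in lines):
        label = classify(fields)
        if label is None: continue
        stamp = fields["ts"].isoformat()
        findings.append((stamp, label))
        kind = "child" if label == "incopy_suspicious_child" else "crash"
        other = last["crash" if kind == "child" else "child"]
        if other is not None and abs((fields["ts"] - other).total_seconds()) <= window_seconds:
            findings.append((stamp, "incopy_crash_and_child_correlated"))
        last[kind] = fields["ts"]
    return findings
```

Running detect(SAMPLE_LOGS) reports the heap-corruption crash, the cmd.exe child, their correlation (4 seconds apart), and the later access-violation crash, while InCopy being launched from explorer.exe is ignored.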
Mitigation and prioritisation
- Patch to the fixed version advised in the vendor's security bulletin APSB25-107; deploy promptly once available
- Enable sandboxing or restricted file-handling for InCopy; apply application whitelisting
- Deploy EDR or equivalent endpoint monitoring for memory-corruption crash patterns and unusual process activity
- User training to avoid opening untrusted documents; enforce strict file-transfer controls
- Change-management: test patch in staging, plan phased rollout; verify no regressions in workflow
- If the CVE is listed in KEV or its EPSS score is ≥ 0.5, treat it as priority 1; current data does not confirm either metric, so verify them to refine prioritisation.