CVE Alert: CVE-2025-61824 – Adobe – InDesign Desktop

Risk verdict

Why this matters

Most likely attack path

Who is most exposed

Detection ideas

• Crashes or memory-corruption events in InDesign after opening a file
• Unusual memory/CPU spikes during file load or document preview
• Unexpected process spawn or code execution activity linked to InDesign
• Alerts for crafted file attachments or documents masquerading as design assets
• Anomalous user activity following file opens (lateral access attempts or drive mapping)

Mitigation and prioritisation

• Apply the vendor patch/upgrade to the fixed build across all affected endpoints.
• Enforce least privilege, application control (AppLocker/WDAC), and sandboxing for InDesign; restrict auto-open of external design files.
• Enable robust EDR coverage and memory-detection rules for InDesign crashes.
• Validate and test patches in a staging environment before broad rollout; track remediation progress.
• If KEV true or EPSS ≥ 0.5, treat as priority 1.