CVE Alert: CVE-2025-61804 - Adobe - Animate

CVE-2025-61804

HIGHNo exploitation known

Animate versions 23.0.13, 24.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS v3.1 (7.8)

AV LOCAL · AC LOW · PR NONE · UI REQUIRED · S UNCHANGED

Vendor

Adobe

Product

Animate

Versions

0 lte 23.0.13, 24.0.10

CWE

CWE-122, Heap-based Buffer Overflow (CWE-122)

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Published

2025-10-15T00:18:06.059Z

Updated

2025-10-15T14:55:08.156Z

References

https://helpx.adobe.com/security/products/animate/apsb25-97.html

AI Summary Analysis

Risk verdict

Why this matters

Most likely attack path

Who is most exposed

Detection ideas

Unexplained heap-related crashes or memory corruption events when opening files.
Suspicious process activity, e.g., the application spawning child processes after file open.
Anomalous memory allocation or crash dumps tied to the application.
Receipt of crafted file attachments or downloads that trigger the issue.
Unusual file-open activity from email/web clients tied to Animate usage.

Mitigation and prioritisation

Patch to the latest available version and apply vendor advisory guidance.
Enforce application control and allow-listing for the affected product.
Enable sandboxing/Protected View and restrict opening files from untrusted sources.
Deploy EDR detections for memory corruption indicators and anomalous file-open activity.
Train users to avoid opening suspicious attachments; schedule patching in the next maintenance window. If KEV or EPSS data becomes available with higher risk, elevate to priority 1.

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features

Buy Me A Coffee Patreon

Tags: adobe, animate, CVE, cve-2025-61804, OSINT, threatintel