Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN785
_____________________________________________________________________

DATE                : 12/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Photoshop versions prior to
                                      26.9.

=====================================================================
https://helpx.adobe.com/security/products/photoshop/apsb25-108.html
_____________________________________________________________________

Security update available for Adobe Photoshop | APSB25-108

Bulletin ID          Date Published          Priority

APSB25-108           November 11,  2025      3


Summary

Adobe has released an update for Photoshop for Windows and macOS.  This
update resolves a critical vulnerability.  Successful exploitation
could lead to arbitrary code execution.

Adobe is not aware of any exploits in the wild for any of the issues
addressed in these updates.


Affected Versions

Product              Affected version                 Platform

Photoshop 2025       26.8.1 and earlier versions      Windows


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version via
the Creative Cloud desktop app’s update mechanism.  For more
information, please reference this help page.    


Product           Updated versions       Platform      Priority

Photoshop 2025    26.9 and later versions   Windows and macOS   3


Note

For managed environments, IT administrators can use the Admin Console
to deploy Creative Cloud applications to end users. Refer to this help
page for more information.


Vulnerability Details

Vulnerability Category     Vulnerability Impact   Severity   
CVSS base score      CVSS vector        CVE Number

Heap-based Buffer Overflow (CWE-122)     Arbitrary code execution
Critical      7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2025-61819


Acknowledgments

Adobe would like to thank the following researcher for reporting this
issue and for working with Adobe to help protect our customers:   

    yjdfy -- CVE-2025-61819

NOTE: Adobe has a public bug bounty program with HackerOne. If you
are interested in working with Adobe as an external security
researcher, please check out https://hackerone.com/adobe. 

For more information, visit https://helpx.adobe.com/security.html,
or email PSIRT@adobe.com.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================