
=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN788
_____________________________________________________________________

DATE                : 12/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe InCopy versions prior
                                to 21.0, 20.5.1.

=====================================================================
https://helpx.adobe.com/security/products/incopy/apsb25-107.html
_____________________________________________________________________


Security Update Available for Adobe InCopy | APSB25-107


Bulletin ID       Date Published          Priority

APSB25-107        November 11, 2025       3


Summary

Adobe has released a security update for Adobe InCopy. This update
addresses critical vulnerabilities that could lead to arbitrary code
execution.

Adobe is not aware of any exploits in the wild for any of the issues
addressed in these updates.


Affected versions

Product           Affected version            Platform

Adobe InCopy      20.5 and earlier versions   Windows and macOS

Adobe InCopy      19.5.5 and earlier versions Windows and macOS


Solution

Adobe categorizes these updates with the following priority rating
and recommends users update their software installations via the
Creative Cloud desktop app updater, or by navigating to the InCopy
Help menu and clicking "Updates." For more information, please
reference this help page.

Product        Updated version   Platform            Priority rating

Adobe InCopy   21.0              Windows and macOS   3

Adobe InCopy   20.5.1            Windows and macOS   3

For managed environments, IT administrators can use the Creative
Cloud Packager to create deployment packages. Refer to this help
page for more information.


Vulnerability Details

CVE Number             : CVE-2025-61816
Vulnerability Category : Heap-based Buffer Overflow (CWE-122)
Vulnerability Impact   : Arbitrary code execution
Severity               : Critical
CVSS base score        : 7.8
CVSS vector            : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE Number             : CVE-2025-61817
Vulnerability Category : Use After Free (CWE-416)
Vulnerability Impact   : Arbitrary code execution
Severity               : Critical
CVSS base score        : 7.8
CVSS vector            : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE Number             : CVE-2025-61818
Vulnerability Category : Use After Free (CWE-416)
Vulnerability Impact   : Arbitrary code execution
Severity               : Critical
CVSS base score        : 7.8
CVSS vector            : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


Acknowledgments

Adobe would like to thank the following researchers for reporting
this issue and for working with Adobe to help protect our
customers.  

    yjdfy -- CVE-2025-61817, CVE-2025-61818
    Jony (jony_juice) -- CVE-2025-61816

NOTE: Adobe has a public bug bounty program with HackerOne. If you
are interested in working with Adobe as an external security
researcher, please check out https://hackerone.com/adobe


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




