Adobe has issued critical security updates for Photoshop on both Windows and macOS after
uncovering several severe vulnerabilities that could allow attackers to run arbitrary code on a victim's system.
The company’s security bulletin highlights three major flaws affecting Photoshop 2025 (version 26.5 and earlier) and Photoshop 2024 (version 25.12.2 and earlier).
These vulnerabilities pose a significant risk because they can enable threat actors to execute code that compromises the entire system. The first flaw, identified as CVE-2025-30324, is an Integer Underflow (Wrap or Wraparound) issue categorized under CWE-191. This occurs when numerical operations cause a value to loop past its minimum or maximum limit, resulting in unexpected behavior that can be exploited.
The second flaw, CVE-2025-30325, is an Integer Overflow or Wraparound issue (CWE-190). It arises when mathematical operations exceed the allowed value range, but in the opposite direction. Both integer-related issues have received a Critical severity rating with a CVSS score of 7.8.
The third vulnerability, CVE-2025-30326, involves Access of Uninitialized Pointer (CWE-824). This happens when the software attempts to use memory through a pointer that has not yet been initialized. It also carries a Critical severity rating and shares the same CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. However, security experts recommend immediate patching due to the critical nature of these flaws.
According to Adobe, any of these flaws if successfully exploited, could let an attacker run code within the current user’s context. If the user has administrative rights, the attacker could gain full control of the system, install software, access or alter files, or create new user accounts with full privileges.
Fortunately, Adobe has confirmed that none of these vulnerabilities have been exploited in the wild so far.
To address the issues, Adobe has released updated versions of the software. Users of Photoshop 2025 should upgrade to version 26.6, while Photoshop 2024 users should install version 25.12.3.
These patches have been assigned a Priority 3 rating, meaning they affect products that are not commonly targeted by attackers.
Users can update through the Creative Cloud desktop app. In managed IT environments, updates can be deployed via the Admin Console. Adobe credited security researcher “yjdfy” for responsibly disclosing all three flaws and working with the company to improve user safety.
All Photoshop users are strongly encouraged to update to the latest versions to reduce the risk of exploitation. Keeping software up to date remains one of the most effective defenses against cyber threats.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
