Adobe has released an urgent security update for Illustrator after discovering a critical vulnerability (CVE-2025-30330) that affects both Windows and macOS versions of Illustrator 2024 and 2025.
The flaw is a heap-based buffer overflow that could let attackers run malicious code if a user opens a specially crafted file. It’s rated 7.8 (High) on the CVSS scale.
Adobe urges users to update immediately through the Creative Cloud app to stay protected.
The issue, reported by researcher yjdfy via HackerOne, shows how attackers can use a simple file to take full control of a device. Even viewing or editing the file can trigger the exploit.
Adobe classifies this as Critical due to its ability to affect system integrity, confidentiality, and availability.
Affected Versions and How to Update
The vulnerability affects:
- Illustrator 2025 (version 29.3 and earlier)
- Illustrator 2024 (version 28.7.5 and earlier)
— on both Windows and macOS.
Adobe has fixed the issue in:
- Illustrator 2025 version 29.4
- Illustrator 2024 version 28.7.6
Users should update immediately using the Creative Cloud desktop app or by downloading the patch from Adobe’s security bulletin page.
Although no active attacks have been reported, Adobe recommends applying the update within 30 days. Organizations using Illustrator should act quickly to reduce the risk of targeted attacks.
Adobe quickly responded by patching the vulnerability and crediting researcher yjdfy through its HackerOne bug bounty program.
The company’s security team (PSIRT) is actively monitoring for threats and encourages users to report any new issues.
For large organizations, Adobe recommends enabling auto-updates in the Creative Cloud admin console. Individual users can check their version by going to Help > About Illustrator and updating if needed.
No active attacks have been reported, but Adobe warns users to avoid opening unknown or suspicious files—even after patching.
This case highlights the need for strong update habits and caution when handling files in complex design tools like Illustrator.
![Nifty[.]com Infrastructure Exploited in Phishing Attack](https://firsthackersnews.com/wp-content/uploads/2023/10/Phishing-Attacks_-Recognize-and-Avoid-Email-Phishing-1-500x383.jpg)
Leave A Comment