Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Analysis
After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Technical ContextAI
An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Read (CWE-125).
RemediationAI
Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.
More in After Effects
View allAdobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS
Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained w
Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. Rated h
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result i
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result i
After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that cou
After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result i
After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could re
Arbitrary code execution in Adobe After Effects 25.6 and earlier results from an out-of-bounds read vulnerability trigge
Code execution in Adobe After Effects 25.6 and earlier through out-of-bounds memory reads when processing malicious file
Out-of-bounds memory reads in Adobe After Effects 25.6 and earlier enable arbitrary code execution when users open speci
Arbitrary code execution in Adobe After Effects 25.6 and earlier through a use-after-free memory vulnerability requires
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20520