Bulletin ID
Last updated on
24 October 2025
Security update available for Adobe Creative Cloud Desktop Application | APSB25-95
|
|
Date Published |
Priority |
|---|---|---|
|
APSB25-95 |
October 14, 2025 |
3 |
Summary
Adobe has released an update for the Creative Cloud Desktop for macOS. This update includes a fix for an important vulnerability that could lead to arbitrary file system write in the context of the current user.
Affected Versions
|
Product |
Affected version |
Platform |
|
Creative Cloud Desktop Application |
6.7.0.278 and earlier versions |
macOS |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Creative Cloud Desktop Application |
6.8.0.821 |
macOS |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
|---|---|---|---|---|---|
|
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) |
Arbitrary file system write |
Important |
5.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N |
CVE-2025-54271 |
Acknowledgments:
Adobe would like to thank the following for reporting the relevant issues and for working with Adobe to help protect our customers:
- Marcell Molnár (marcellmolnar) -- CVE-2025-54271
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
