Bulletin ID
Last updated on
Dec 9, 2025
Security update available for Adobe Creative Cloud Desktop Application | APSB25-120
|
|
Date Published |
Priority |
|---|---|---|
|
APSB25-120 |
December 9, 2025 |
3 |
Summary
Adobe has released an update for the Creative Cloud Desktop for macOS. This update includes a fix for an important vulnerability that could lead to application denial-of-service in the context of the current user.
Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
Affected Versions
|
Product |
Affected version |
Platform |
|
Creative Cloud Desktop Application |
6.4.0.361 and earlier versions |
macOS |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Creative Cloud Desktop Application |
6.8.0.821 |
macOS |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
|---|---|---|---|---|---|
|
Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) |
Application denial-of-service |
Important |
5.0 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L |
CVE-2025-64896 |
Acknowledgments:
Adobe would like to thank the following for reporting the relevant issues and for working with Adobe to help protect our customers:
- Hao Huang & Bocheng Xiang From FDU -- CVE-2025-64896
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
