Description
Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-02-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Patch Now
AI Analysis

Impact

Adobe Audition versions 25.3 and earlier contain an out‑of‑bounds write that can be triggered by a malicious file. The flaw allows an attacker to write to memory locations beyond the bounds of a buffer, potentially leading to the execution of arbitrary code in the context of the user who opens the file. The severity of the vulnerability, as reflected in a CVSS score of 7.8, underscores that any successful exploitation could compromise the integrity of the affected system.

Affected Systems

The vulnerability affects Adobe Audition. All releases up to and including version 25.3 are affected. No other products or versions are listed as impacted.

Risk and Exploitability

Despite the low exploitation probability (EPSS below 1%), the flaw allows code execution with the privileges of the logged‑in user. An attacker who successfully delivers a malicious media file, and gets the victim to open it, could gain control over the system, potentially leading to data theft, ransomware deployment, or lateral movement. The absence of known public exploitation provides some breathing space, but the high CVSS score and the widespread use of Audition mean that administrators should treat the vulnerability as a high‑priority issue until a patch is applied.

Generated by OpenCVE AI on April 18, 2026 at 12:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Adobe Audition security update that corrects the out‑of‑bounds write flaw, according to the official Adobe advisory.
  • Until the patch is installed, avoid opening media files from untrusted or unknown sources and disable any automatic preview features if available.
  • Maintain an up‑to‑date antivirus or antimalware solution that scans all files before they are processed by Audition, and keep the operating system and Adobe software regularly updated.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 15:15:00 +0000

Type: Metrics
Values Removed:
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 11 Feb 2026 16:00:00 +0000

Type: CPEs
Values Removed:
Values Added: cpe:2.3:a:adobe:audition:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 21:45:00 +0000

Type: First Time appeared
Values Removed:
Values Added: Adobe; Adobe audition

Type: Vendors & Products
Values Removed:
Values Added: Adobe; Adobe audition

Tue, 10 Feb 2026 18:15:00 +0000

Type: Description
Values Removed:
Values Added: Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Type: Title
Values Removed:
Values Added: Audition | Out-of-bounds Write (CWE-787)

Type: Weaknesses
Values Removed:
Values Added: CWE-787

Type: References
Values Removed:
Values Added:

Type: Metrics
Values Removed:
Values Added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-02-26T15:04:07.505Z

Reserved: 2025-12-12T22:01:18.192Z

Link: CVE-2026-21312

Vulnrichment

Updated: 2026-02-25T15:43:50.455Z

NVD

Status: Analyzed

Published: 2026-02-10T18:16:28.257

Modified: 2026-02-11T15:57:42.060

Link: CVE-2026-21312

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T13:00:08Z

Weaknesses