Description
Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-02-10
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive information disclosure via memory exposure
Action: Patch Audition
AI Analysis

Impact

Audition versions 25.3 and earlier contain an out‑of‑bounds read that allows a maliciously crafted file to reveal data stored in memory. The flaw could disclose confidential information such as passwords, cryptographic keys, or other secrets that reside in the process address space. The vulnerability affects confidentiality and could be used as a precursor to other attacks when the exposed data is valuable to an adversary.

Affected Systems

Adobe Audition is affected. All builds through version 25.3 are vulnerable; versions 26.0 and later include the fix and are not impacted.

Risk and Exploitability

The attack requires user interaction – a victim must open a malicious audio file. CVSS score of 5.5 indicates moderate risk, and the EPSS score is less than 1 % suggesting a low probability of exploitation. The issue is not listed in the CISA Known Exploited Vulnerabilities catalog, implying no currently known active exploitation. Attack vectors are local and file‑based; mitigation involves preventing the execution of unknown files or updating to a patched revision.

Generated by OpenCVE AI on April 17, 2026 at 20:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Adobe Audition 26.0 or newer to apply the official fix.
  • Avoid opening audio files from untrusted or unknown sources.
  • Run a reputable antivirus or anti‑malware solution to scan media prior to opening.

Generated by OpenCVE AI on April 17, 2026 at 20:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Feb 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:adobe:audition:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe audition
Vendors & Products Adobe
Adobe audition

Tue, 10 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Description Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Audition | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Adobe Audition
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-02-11T15:19:20.194Z

Reserved: 2025-12-12T22:01:18.193Z

Link: CVE-2026-21313

cve-icon Vulnrichment

Updated: 2026-02-11T15:19:15.450Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T18:16:28.417

Modified: 2026-02-11T15:57:50.340

Link: CVE-2026-21313

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T20:45:25Z

Weaknesses