Description
Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-02-10
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

Adobe Audition versions 25.3 and earlier contain an out‑of‑bounds read flaw that can expose memory contents, potentially leaking sensitive data. The weakness, identified as CWE-125, allows an attacker to read beyond the intended buffer and disclose information stored in memory. Exploitation requires the victim to open a specially crafted file, after which the memory contents can be read by the application.

Affected Systems

Adobe Audition, any version 25.3 or earlier, on all supported platforms. No hardware or operating system restrictions are noted.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity with moderate impact on confidentiality, limited impact on integrity and availability, and a moderately large impact range. The EPSS score is below 1%, suggesting that exploitation is unlikely in the broader threat landscape. Adobe does not list this issue in its KEV catalog, and the vulnerability is only exploitable when a user voluntarily opens a malicious file, making user awareness a critical defense layer. Attacks would proceed by delivering a crafted media file, typically via email or file transfer, and tricking a user to open it, leveraging the out‑of‑bounds read to expose memory data.

Generated by OpenCVE AI on April 18, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Audition update (v25.4 or newer) that patches the out‑of‑bounds read.
  • Restrict users from opening unknown or untrusted media files, and provide user training to avoid opening suspicious files.
  • Maintain up‑to‑date antivirus and endpoint protection that can detect malicious media content and block its execution.

Generated by OpenCVE AI on April 18, 2026 at 12:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Feb 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:adobe:audition:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe audition
Vendors & Products Adobe
Adobe audition

Tue, 10 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Description Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Audition | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Adobe Audition
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-02-11T15:14:47.126Z

Reserved: 2025-12-12T22:01:18.193Z

Link: CVE-2026-21314

cve-icon Vulnrichment

Updated: 2026-02-11T15:14:42.872Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T18:16:28.570

Modified: 2026-02-11T15:57:54.653

Link: CVE-2026-21314

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T13:00:08Z

Weaknesses