Description
Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-02-10
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via Out‑of‑Bounds Read
Action: Patch
AI Analysis

Impact

Adobe Audition versions 25.3 and older contain an out‑of‑bounds read that can expose data stored in memory. The flaw allows an attacker who supplies a malicious file to read contents beyond a buffer, revealing sensitive information. It does not permit code execution or denial of service, and is limited to memory disclosure.

Affected Systems

The issue affects all users of Adobe Audition 25.3 or earlier, regardless of operating system, when the application is instructed to open a compromised file. No specific platform is singled out in the advisory.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than one percent suggests a low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires user interaction: a victim must open a maliciously crafted file. Because the impact is limited to information disclosure and does not lead to further compromise, the overall risk remains modest compared to higher‑impact vulnerabilities.

Generated by OpenCVE AI on April 18, 2026 at 18:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Audition to version 25.4 or newer, which removes the out‑of‑bounds read flaw.
  • If an upgrade is not immediately feasible, run Audition in a sandboxed or isolated environment to limit memory exposure when opening untrusted files.
  • Restrict the directories from which Audition can open files, ensuring only trusted documents are accessible, thereby reducing the chance of a malicious file being processed.

Generated by OpenCVE AI on April 18, 2026 at 18:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Feb 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:adobe:audition:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe audition
Vendors & Products Adobe
Adobe audition

Tue, 10 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Description Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Audition | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Adobe Audition
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-02-11T15:20:48.254Z

Reserved: 2025-12-12T22:01:18.193Z

Link: CVE-2026-21315

cve-icon Vulnrichment

Updated: 2026-02-11T15:20:44.455Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T18:16:28.720

Modified: 2026-02-11T15:57:33.997

Link: CVE-2026-21315

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:15:06Z

Weaknesses