CVE-2021-21078 MEDIUM

CVE-2021-21078: Adobe Creative Cloud Unquoted Service Path in CCXProcess

Vendor Adobe
Product Creative Cloud (desktop component)
Weakness CWE-426
Published March 12, 2021
Last update April 23, 2025

CVSS base score

6.5/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction

Key dates

02Disclosure timeline

March 12, 2021 CVE published
April 23, 2025 Record updated