CVE-2021-28581

📊 7.3 HIGH⚡ 0.1%🎯 0 exploits

📅 Published Sep 8, 2021

📋 Status: Modified

Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine.

CVSS v3.0 • [email protected]

🎯 Affected Products & Systems

2 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	adobe	creative cloud	≤ 5.3	Vulnerable	cpe:2.3:a:adobe:creative_cloud::::::::
💻OS	microsoft	windows	All versions	Not Vulnerable	cpe:2.3:o:microsoft:windows:-:::::::*

📱

adobe / creative cloud

Application

Vulnerable

Version: ≤ 5.3

CPE:

cpe:2.3:a:adobe:creative_cloud:*:*:*:*:*:*:*:*

💻

microsoft / windows

Operating System

Safe

Version: All versions

CPE:

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Metrics

7.3 HIGHCVSS v3.0[email protected]

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector:

LOCAL

Complexity:

LOW

Privileges:

LOW

User Interaction:

REQUIRED

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Modified

CVSS Details

7.3 (HIGH)v3.0

Source: [email protected]

EPSS Details

0.1% (Minimal)30.9th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Sep 8, 2021 (4 years ago)

Last Modified

Nov 21, 2024 (11 months ago)

Security Weaknesses1

CWE-427

References2

NVDgeneral