Adobe Premiere Pro allows malicious code injection through trace files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.4

Adobe Premiere Pro allows malicious code injection through trace files

CVE-2025-40943

Summary

Adobe Premiere Pro software does not properly clean malicious code from imported trace files. This means an attacker could trick someone into importing a file containing code that would allow the attacker to gain control of the computer. Users should be cautious when opening trace files from unknown sources and ensure their Adobe Premiere Pro software is up to date.

Original title

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering a legitimate user to import a specially crafted trace file

Original description

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering a legitimate user to import a specially crafted trace file

nvd CVSS3.1 9.6

nvd CVSS4.0 9.4

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://cert-portal.siemens.com/productcert/html/ssa-452276.html

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026