Adobe Security Update – Patch for Multiple Vulnerabilities Across Products


Apr 9, 2025 - 16:35

Adobe has released a comprehensive set of security updates addressing multiple vulnerabilities across twelve of its products. 

The patches, all released on April 8, 2025, aim to resolve critical, important, and moderate security flaws that could potentially expose users to various cyber threats, including arbitrary code execution, privilege escalation, and application denial-of-service attacks.

Significant Vulnerabilities Patched

Adobe ColdFusion (APSB25-15)

ColdFusion’s update resolves multiple vulnerabilities, including improper input validation (CVE-2025-24446), deserialization of untrusted data (CVE-2025-24447), and improper access control (CVE-2025-30281). 

Other flaws like OS command injection (CVE-2025-30286) and cross-site scripting (CVE-2025-30292) were also addressed. 

These vulnerabilities could lead to arbitrary code execution, privilege escalation, or exposure of sensitive information.

Adobe After Effects (APSB25-23)

The update for After Effects fixes critical vulnerabilities such as memory leaks and application denial-of-service issues. 

Successful exploitation could lead to arbitrary code execution in the context of the logged-on user. Affected versions include 24.6.4 and earlier, as well as 25.1 on both Windows and macOS.

Adobe Media Encoder (APSB25-24)

Media Encoder’s update addresses two critical vulnerabilities: out-of-bounds write (CVE-2025-27194) and heap-based buffer overflow (CVE-2025-27195). 

These flaws, which carry a CVSS score of 7.8, could enable arbitrary code execution.

Adobe Bridge (APSB25-25)

Bridge’s security patch resolves a heap-based buffer overflow vulnerability (CVE-2025-27193), which could lead to arbitrary code execution. 

The vulnerability affects versions 14.1.5 and earlier, as well as 15.0.2 on both Windows and macOS platforms.

Adobe Commerce (APSB25-26)

Adobe Commerce and Magento Open Source received security updates to address vulnerabilities that could lead to security feature bypass, privilege escalation, and application denial-of-service. 

The affected versions include Adobe Commerce 2.4.8-beta2 and earlier, Adobe Commerce B2B 1.5.1 and earlier, and Magento Open Source 2.4.8-beta2 and earlier across all platforms.

Adobe Experience Manager Forms (APSB25-27)

The update for AEM Forms addresses path traversal (CVE-2024-38819) and case-sensitive match exception vulnerabilities (CVE-2024-38820). 

These flaws stem from dependencies on third-party components and could lead to unauthorized access or data exposure.

Adobe Premiere Pro (APSB25-28)

Premiere Pro’s update resolves a critical heap-based buffer overflow vulnerability (CVE-2025-27196), which could lead to arbitrary code execution in affected versions 24.6.4 and earlier, as well as 25.1 for Windows and macOS.

Adobe Photoshop (APSB25-30)

Photoshop’s patch addresses a heap-based buffer overflow vulnerability (CVE-2025-27198), rated critical with a CVSS score of 7.8. 

This flaw could result in arbitrary code execution if exploited successfully.

Adobe Animate (APSB25-31)

Adobe Animate’s update resolves critical vulnerabilities such as heap-based buffer overflow (CVE-2025-27199) and use-after-free (CVE-2025-27200), both rated with a CVSS score of 7.8, which could lead to arbitrary code execution. 

Additionally, two memory leak vulnerabilities (CVE-2025-27201 and CVE-2025-27202), rated important with a CVSS score of 5.5, were addressed. These vulnerabilities impact Adobe Animate 2023 (23.0.10 and earlier) and 2024 (24.0.7 and earlier) for Windows and macOS platforms.

Adobe Experience Manager Screens (APSB25-32)

The update for Adobe Experience Manager (AEM) Screens addresses an important vulnerability related to reflected cross-site scripting (XSS) (CVE-2025-27205). 

This flaw has a CVSS score of 5.4 and could lead to arbitrary code execution if exploited successfully. It affects AEM Screens versions up to AEM 6.5 Screens FP11.3 across all platforms.

Adobe FrameMaker (APSB25-33)

FrameMaker’s update fixes several critical vulnerabilities, including out-of-bounds write (CVE-2025-30304), heap-based buffer overflow (CVE-2025-30295), and stack-based buffer overflow (CVE-2025-30298). 

These issues could allow attackers to execute arbitrary code or cause application crashes.

Adobe XMP Toolkit SDK (APSB25-34)

The XMP Toolkit SDK update resolves multiple out-of-bounds read vulnerabilities (e.g., CVE-2025-30305 through CVE-2025-30309). 

Exploitation of these flaws could result in information disclosure or application instability.

Security experts recommend that all users of affected Adobe products update their installations immediately. 

For most products, updates can be applied through the Creative Cloud desktop application’s update mechanism or by navigating to the Help menu and selecting “Updates” within individual applications. 

For managed environments, IT administrators can utilize the Creative Cloud Packager to create deployment packages.

Adobe has confirmed it is not currently aware of any exploits in the wild for these vulnerabilities. However, prompt patching remains essential to maintain security integrity across Adobe’s ecosystem of creative and enterprise products.
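For administrators triaging a fleet, the sketch below is an added example (not Adobe's or the article's code) that checks an installed-software inventory against the affected versions listed above for After Effects, Bridge, Premiere Pro and Animate. It assumes each listed version is the upper bound of its own major-version track, so a newer build on an older track is not flagged by a naive "less than the highest version" test; the status names and the sample hostnames are constructed for illustration.

```python
# Affected-version bounds as listed in the article; it gives no fixed versions.
# Assumption: each value is the upper bound of its own major-version track.
AFFECTED = {
    "After Effects": ("APSB25-23", ["24.6.4", "25.1"]),
    "Bridge":        ("APSB25-25", ["14.1.5", "15.0.2"]),
    "Premiere Pro":  ("APSB25-28", ["24.6.4", "25.1"]),
    "Animate":       ("APSB25-31", ["23.0.10", "24.0.7"]),
}

def parse_version(text):
    """Turn '24.6.4' into (24, 6, 4); raise on anything non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def at_or_below(installed, bound):
    """Compare with zero padding so that 25.1.0 equals 25.1."""
    width = max(len(installed), len(bound))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) <= pad(bound)

def classify(product, version):
    """Return (status, bulletin) for one installed product version."""
    if product not in AFFECTED:
        return ("unknown", None)  # no version range for it in the table
    bulletin, listed = AFFECTED[product]
    installed = parse_version(version)
    bounds = sorted(parse_version(b) for b in listed)
    same_track = [b for b in bounds if b[0] == installed[0]]
    if same_track:
        hit = at_or_below(installed, same_track[0])
    else:
        # A major older than every listed track falls under "and earlier".
        hit = installed[0] < bounds[0][0]
    return ("affected" if hit else "not-listed", bulletin)

def triage(inventory):
    """Return (host, product, version, bulletin) for every affected install."""
    return [(h, p, v, classify(p, v)[1]) for h, p, v in inventory
            if classify(p, v)[0] == "affected"]

# Constructed sample inventory; hostnames are made up.
INVENTORY = [
    ("ws-01", "After Effects", "24.6.5"), ("ws-02", "After Effects", "25.1.0"),
    ("ws-03", "Animate", "23.0.11"), ("ws-04", "Animate", "22.0.9"),
    ("ws-05", "Bridge", "15.0.2"), ("ws-06", "Photoshop", "26.0"),
]
print(*triage(INVENTORY), sep="\n")
```

A "not-listed" result only means the build is above the bounds quoted in this article; confirm the fixed version in the corresponding APSB bulletin before closing the ticket.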


The post Adobe Security Update – Patch for Multiple Vulnerabilities Across Products appeared first on Cyber Security News.