—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Adobe Products 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Software Affected

Adobe InCopy versions prior to 20.3

Adobe InCopy versions prior to 19.5.4

Adobe Experience Manager (AEM) versions prior to AEM Cloud Service (CS) Release 2025.5

Adobe Experience Manager (AEM) versions prior to 6.5.23

Adobe Commerce versions

2.4.8

2.4.7-p5 and earlier

2.4.6-p10 and earlier

2.4.5-p12 and earlier

2.4.4-p13 and earlier

Adobe Commerce B2B versions

1.5.2 and earlier

1.4.2-p5 and earlier

1.3.5-p10 and earlier

1.3.4-p12 and earlier

1.3.3-p13 and earlier.

Magento Open Source

2.4.8

2.4.7-p5 and earlier

2.4.6-p10 and earlier

2.4.5-p12 and earlier

Adobe InDesign prior to ID20.3

Adobe InDesign prior to ID19.5.4

Adobe Substance 3D Sampler prior to 5.0.3

Acrobat DC versions prior to 25.001.20531(Windows) and 25.001.20529 (MacOS)

Acrobat Reader DC versions prior to 25.001.20531 (Windows) and 25.001.20529 (MacOS)

Acrobat 2024 versions prior to 24.001.30254

Acrobat 2020 versions prior to 20.005.30774

Acrobat Reader 2020 versions prior to 20.005.30774

Adobe Substance 3D Painter versions prior to 11.0.2

Overview

Multiple Vulnerabilities have been reported in Adobe products which could be exploited by an attacker to bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, gain elevated privileges, gain access to sensitive information, or cause a denial-of-service condition on the target system.

Target Audience:

System administrators Security teams or end-users of Adobe creative software products.

Impact Assessment:

Potential for access to sensitive data and system instability.

Description

Multiple vulnerabilities exist in Adobe products due memory corruption issues, improper input validation and other issues.

Successful exploitation of these vulnerabilities could allow an attacker to bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, gain elevated privileges, gain access to sensitive information, or cause a denial-of-service condition on the target system.

Solution

Apply appropriate updates as mentioned in the Adobe Security Bulletin.

https://helpx.adobe.com/security.html

https://helpx.adobe.com/security/products/incopy/apsb25-41.html

https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html

https://helpx.adobe.com/security/products/magento/apsb25-50.html

https://helpx.adobe.com/security/products/indesign/apsb25-53.html

https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-55.html

https://helpx.adobe.com/security/products/acrobat/apsb25-57.html

https://helpx.adobe.com/security/products/substance3d_painter/apsb25-58.html

Vendor Information

Adobe

https://helpx.adobe.com/security.html

References

Adobe

https://helpx.adobe.com/security.html

https://helpx.adobe.com/security/products/incopy/apsb25-41.html

https://helpx.adobe.com/security/products/experience-manager/apsb25-48.html

https://helpx.adobe.com/security/products/magento/apsb25-50.html

https://helpx.adobe.com/security/products/indesign/apsb25-53.html

https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-55.html

https://helpx.adobe.com/security/products/acrobat/apsb25-57.html

https://helpx.adobe.com/security/products/substance3d_painter/apsb25-58.html

CVE Name

CVE-2025-30327

CVE-2025-47107

CVE-2025-6841

CVE-2025-6842

CVE-2025-6846

CVE-2025-6847

CVE-2025-46848

CVE-2025-46850

CVE-2025-46851

CVE-2025-46853

CVE-2025-46854

CVE-2025-46855

CVE-2025-46858

CVE-2025-46859

CVE-2025-46860

CVE-2025-46861

CVE-2025-46862

CVE-2025-46863

CVE-2025-46864

CVE-2025-46865

CVE-2025-46866

CVE-2025-46870

CVE-2025-46871

CVE-2025-46872

CVE-2025-46873

CVE-2025-46874

CVE-2025-46875

CVE-2025-46876

CVE-2025-46877

CVE-2025-46878

CVE-2025-46879

CVE-2025-46880

CVE-2025-46886

CVE-2025-46887

CVE-2025-46888

CVE-2025-46890

CVE-2025-46891

CVE-2025-46892

CVE-2025-46893

CVE-2025-46894

CVE-2025-46895

CVE-2025-46898

CVE-2025-46902

CVE-2025-46903

CVE-2025-46904

CVE-2025-46914

CVE-2025-46915

CVE-2025-46916

CVE-2025-46917

CVE-2025-46919

CVE-2025-46922

CVE-2025-46923

CVE-2025-46930

CVE-2025-46931

CVE-2025-46934

CVE-2025-46935

CVE-2025-46939

CVE-2025-46940

CVE-2025-46945

CVE-2025-46951

CVE-2025-46954

CVE-2025-46955

CVE-2025-46956

CVE-2025-46967

CVE-2025-46968

CVE-2025-46978

CVE-2025-46979

CVE-2025-46988

CVE-2025-46989

CVE-2025-46990

CVE-2025-46991

CVE-2025-46992

CVE-2025-46995

CVE-2025-46997

CVE-2025-46999

CVE-2025-47000

CVE-2025-47002

CVE-2025-47003

CVE-2025-47004

CVE-2025-47005

CVE-2025-47006

CVE-2025-47007

CVE-2025-47008

CVE-2025-47010

CVE-2025-47011

CVE-2025-47012

CVE-2025-47013

CVE-2025-47014

CVE-2025-47015

CVE-2025-47016

CVE-2025-47017

CVE-2025-47019

CVE-2025-47020

CVE-2025-47021

CVE-2025-47022

CVE-2025-47025

CVE-2025-47026

CVE-2025-47027

CVE-2025-47029

CVE-2025-47030

CVE-2025-47031

CVE-2025-47032

CVE-2025-47033

CVE-2025-47034

CVE-2025-47035

CVE-2025-47036

CVE-2025-47037

CVE-2025-47038

CVE-2025-47039

CVE-2025-47040

CVE-2025-47041

CVE-2025-47042

CVE-2025-47044

CVE-2025-47047

CVE-2025-47049

CVE-2025-47050

CVE-2025-47051

CVE-2025-47052

CVE-2025-47055

CVE-2025-47057

CVE-2025-47062

CVE-2025-47065

CVE-2025-47067

CVE-2025-47069

CVE-2025-47073

CVE-2025-47075

CVE-2025-47077

CVE-2025-47079

CVE-2025-47081

CVE-2025-47084

CVE-2025-47086

CVE-2025-47088

CVE-2025-47090

CVE-2025-47093

CVE-2025-47113

CVE-2025-47117

CVE-2025-46881

CVE-2025-46884

CVE-2025-46889

CVE-2025-46900

CVE-2025-46905

CVE-2025-46908

CVE-2025-46911

CVE-2025-46918

CVE-2025-46924

CVE-2025-46941

CVE-2025-46946

CVE-2025-46950

CVE-2025-46957

CVE-2025-46971

CVE-2025-46987

CVE-2025-46837

CVE-2025-46843

CVE-2025-46857

CVE-2025-46927

CVE-2025-46944

CVE-2025-46964

CVE-2025-46966

CVE-2025-46972

CVE-2025-46977

CVE-2025-46984

CVE-2025-27206

CVE-2025-43585

CVE-2025-47110

CVE-2025-43558

CVE-2025-7104

CVE-2025-7105

CVE-2025-43590

CVE-2025-43588

CVE-2025-30317

CVE-2025-43574

CVE-2025-43550

CVE-2025-47111

CVE-2025-43576

CVE-2025-43578

CVE-2025-43575

CVE-2025-43577

CVE-2025-43579

VE-2025-47112

CVE-2025-47108

– – —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmhj8UEACgkQ3jCgcSdc

ys9bAA//eW1+Fz2UwMsk6S47v+tvVWgZ7zrtxbOvbYYeAa/w28i9+N/2n0XwTeK0

pjp9pkpY3L+v0jm22OI72dEPrIGCIJdRy+6XA/W6HTY3koNNjVHKKKNq8c5gPfCT

l33w5YmK5RNKG3xJhPQYCaYrleRryy20YhSDiis0R/3VG5dWulGR+r2OGyeebIZk

Yy4D8mXL3POiUNl0iGpVk4oxAbGCm9OkGm+gD8C0If4JPOdyXo+AOS7LU/dfS0bb

0OtvTEkCpZIZbeuOwy9pdc5z/bCaMK+Sfa5YpxyH2RVdjiaFMgRb9h5YUayKze13

NpHFlliBuzE9lwsyTu9q43BQJlKwK6VI2PiSlVdY1OhgnrbZZelyS9uc6Ablx0ZH

zcGhBpPu5Yqoaru9CFO1/iJRnzyf4rB6SIQfGUma9xIoxnDiLowtHRsn06Q2MynZ

t1QHO4AuolkqB5HvefRxoUAuizDrok+bJct7Fdb98nuvCwReaDovTH+9b2Imy1Ha

f7QfTLfTR14EHGFx9LCKiTkGbiLKkmCiER+dOfQ9h7K4QgcgfccA4vMrAks/zLUW

KTV08xvkK2MFHf1uCd/W398l+ekTAsd7/m2C4PJ2buTliIt3ofP0CZUW6aafL9ks

w+BUPJ6yC+iSjOkZCvkh+GNOFob7tQ2i7RWTBIs4+Musfx6QjtY=

=2DG9

—–END PGP SIGNATURE—–