[CIVN-2025-0303] Multiple Vulnerabilities in Adobe Products
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Adobe Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Adobe Format Plugins 1.1.1 and earlier versions
Adobe Substance 3D Stager 3.1.5 and earlier versions for Windows and macOS
Adobe Pass Authentication Android SDK 3.7.3 and earlier versions for Android
Adobe Illustrator on iPad 3.0.9 and earlier versions for iOS
Adobe Illustrator 2025 29.8.2 and earlier versions for Windows
Adobe Illustrator 2024 28.7.10 and earlier versions for Windows
Adobe Photoshop 2025 26.8.1 and earlier versions for Windows
Adobe InCopy 20.5 and earlier versions for Windows and macOS
Adobe InCopy 19.5.5 and earlier versions for Windows and macOS
Adobe InDesign ID20.5 and earlier versions for Windows and macOS
Adobe InDesign ID19.5.5 and earlier versions for Windows and macOS
Overview
Multiple Vulnerabilities have been reported in Adobe products which could be exploited by an attacker to bypass security restrictions, execute arbitrary code or gain access to sensitive information on the targeted system.
Target Audience:
System administrators, Security teams or end-users of Adobe software products.
Risk Assessment:
High risk of unauthorized access to sensitive data.
Impact Assessment:
Potential for data theft, remote code execution or system compromise.
Description
Multiple vulnerabilities exist in Adobe products due to Heap-based Buffer Overflow; Out-of-bounds Read, Write; Use After Free; Integer Underflow (Wrap or Wraparound) and Incorrect Authorization.
Successful exploitation of these vulnerabilities could allow an attacker to bypass security restrictions, execute arbitrary code or gain access to sensitive information on the targeted system.
Solution
Apply appropriate updates as mentioned in the Adobe Security Bulletin.
https://helpx.adobe.com/security.html/security/security-bulletin.html
Vendor Information
Adobe
https://helpx.adobe.com/security/products/indesign/apsb25-106.html
https://helpx.adobe.com/security/products/incopy/apsb25-107.html
https://helpx.adobe.com/security/products/photoshop/apsb25-108.html
https://helpx.adobe.com/security/products/illustrator/apsb25-109.html
https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-111.html
https://helpx.adobe.com/security/products/pass/apsb25-112.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb25-113.html
https://helpx.adobe.com/security/products/formatplugins/apsb25-114.html
References
Adobe
https://helpx.adobe.com/security/products/indesign/apsb25-106.html
https://helpx.adobe.com/security/products/incopy/apsb25-107.html
https://helpx.adobe.com/security/products/photoshop/apsb25-108.html
https://helpx.adobe.com/security/products/illustrator/apsb25-109.html
https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-111.html
https://helpx.adobe.com/security/products/pass/apsb25-112.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb25-113.html
https://helpx.adobe.com/security/products/formatplugins/apsb25-114.html
CVE Name
CVE-2025-61814
CVE-2025-61815
CVE-2025-61816
CVE-2025-61817
CVE-2025-61818
CVE-2025-61819
CVE-2025-61820
CVE-2025-61824
CVE-2025-61826
CVE-2025-61827
CVE-2025-61828
CVE-2025-61829
CVE-2025-61830
CVE-2025-61831
CVE-2025-61832
CVE-2025-61833
CVE-2025-61834
CVE-2025-61835
CVE-2025-61836
CVE-2025-61837
CVE-2025-61838
CVE-2025-61840
CVE-2025-61841
CVE-2025-61842
CVE-2025-61843
CVE-2025-61844
CVE-2025-61845
CVE-2025-64531
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkV4wsACgkQ3jCgcSdc
ys94KQ//Qu3itq4AET23B6GtbOep6jlhsRWQDRC6LSu++y3Kc+3CyXrpg6wEzOqs
VzlHZwihRV17BMv+EDuvNMfp/Mpo4xE8QowkSdxiCZi8XndqbX9As4QUZhIb2ssW
dmn1AdfnSqJMbOS/mdhQ/yKDJi6bjIKlO4tvNVw3XDPWBcx6SlqCMekemZM8DP0V
ZuYPK5IlWG4VPhrKlon+wuz8e/xyqDjBsRYcruZ8rY9+tnz6QmnH3hYprZ9VDFmm
Yd9sNS1SBsuPAwNxX3VQ5RoUI1uWNwcxaOwKGqo1SB0wE4y3aGeQZPTMHtVdLMRZ
o4fDHDO3f/+mSGq6lDLVSRRPuH8fznxtux5EFrI+e64Q6iHxRrqeWC7FcEeT8Qoz
8gLa3KwMpFml04YFnJK9/I2cWsW61krTseMigRoW45XmXzp+UHHdlSjul6kE5cSn
Yx0Ac5goumJ2o6dFFp1NAatm7zIpabi728nqUzl16JtouZNHQySSeBzu7GPamqEG
Or0CLvAeFlriqbsDpkuZN4BgzFQf0uRu/DY0xp4nde07DRohs/QThjFhHcojhtDO
tiqoKX29Hx1axxzEHW0hg7SyoxmA4zYMYOQmhp0GUHXyHHuBuwyzOZAk2Op9k/wa
PMuzv/RF/SxuTHZ8ug6YvaxO3LY4lJOUkZLdSmflclX6buZotYA=
=PHJu
—–END PGP SIGNATURE—–
![[CIVN-2025-0312] Missing Authorization check in the Post SMTP plugin for WordPress](https://teamwin.in/wp-content/uploads/2025/06/certin-new-e1751351599950-500x383.png)
