[CIAD-2025-0036] Multiple Vulnerabilities in Adobe Products
Multiple Vulnerabilities in Adobe Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: Critical
Software Affected
Adobe Connect versions prior to 12.10 for Windows and macOS
Adobe Commerce versions prior to 2.4.9-alpha3 for all platforms
Adobe Commerce versions prior to 2.4.8-p3 for all platforms
Adobe Commerce versions prior to 2.4.7-p8 for all platforms
Adobe Commerce versions prior to 2.4.6-p13 for all platforms
Adobe Commerce versions prior to 2.4.5-p15 for all platforms
Adobe Commerce versions prior to 2.4.4-p16 for all platforms
Adobe Commerce B2B versions prior to 1.5.3-alpha3 for all platforms
Adobe Commerce B2B versions prior to 1.5.2-p3 for all platforms
Adobe Commerce B2B versions prior to 1.4.2-p8 for all platforms
Adobe Commerce B2B versions prior to 1.3.4-p13 for all platforms
Adobe Commerce B2B versions prior to 1.3.3-p14 for all platforms
Adobe Commerce B2B versions prior to 1.3.3-p16 for all platforms
Adobe Magento Open Source versions prior to 2.4.9-alpha3 for all platforms
Adobe Magento Open Source versions prior to 2.4.8-p3 for all platforms
Adobe Magento Open Source versions prior to 2.4.7-p8 for all platforms
Adobe Magento Open Source versions prior to 2.4.6-p13 for all platforms
Adobe Magento Open Source versions prior to 2.4.5-p15 for all platforms
Adobe Creative Cloud Desktop Application versions prior to 6.8.0.821 for macOS
Adobe Bridge versions prior to 14.1.9 (LTS) for Windows and macOS
Adobe Bridge versions prior to 15.1.2 for Windows and macOS
Adobe Animate 2023 versions prior to 23.0.15 for Windows and macOS
Adobe Animate 2024 versions prior to 24.0.12 for Windows and macOS
Adobe Experience Manager (AEM) Screens versions prior to AEM 6.5.22 Screens FP11.7 for all platforms
Adobe Substance 3D Viewer versions prior to 0.25.3 for all platforms
Adobe Substance 3D Modeler versions prior to 1.22.4 for all platforms
Adobe FrameMaker versions prior to FrameMaker 2020 Update 10 for Windows
Adobe FrameMaker versions prior to FrameMaker 2022 Update 8 for Windows
Adobe Illustrator 2025 versions prior to 29.8 for Windows and macOS
Adobe Illustrator 2024 versions prior to 28.7.10 for Windows and macOS
Adobe Dimension versions prior to 4.1.5 for Windows and macOS
Adobe Substance 3D Stager versions prior to 3.1.5 for Windows and macOS
Overview
Multiple vulnerabilities have been reported in Adobe products which could be exploited by an attacker to execute arbitrary code, bypass security restrictions, gain elevated privileges, gain access to sensitive information, or cause a denial-of-service condition on the targeted system.
Target Audience:
System administrators, security teams or end-users of Adobe software products.
Risk Assessment:
High risk of unauthorized access to sensitive data and system compromise.
Impact Assessment:
Potential for data theft, remote code execution or service disruption.
Description
Multiple vulnerabilities exist in Adobe products due to improper access control, incorrect authorization, time-of-check time-of-use (TOCTOU) race conditions, heap-based and stack-based buffer overflows, use-after-free errors, out-of-bounds read and write issues, NULL pointer dereference, integer overflow or wraparound, and other issues.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, bypass security restrictions, gain elevated privileges, gain access to sensitive information, or cause a denial-of-service condition on the targeted system.
Solution
Apply appropriate updates as mentioned in the Adobe Security Bulletin:
https://helpx.adobe.com/security/products/connect/apsb25-70.html
https://helpx.adobe.com/security/products/magento/apsb25-94.html
https://helpx.adobe.com/security/products/creative-cloud/apsb25-95.html
https://helpx.adobe.com/security/products/bridge/apsb25-96.html
https://helpx.adobe.com/security/products/animate/apsb25-97.html
https://helpx.adobe.com/security/products/aem-screens/apsb25-98.html
https://helpx.adobe.com/security/products/substance3d-viewer/apsb25-99.html
https://helpx.adobe.com/security/products/substance3d-modeler/apsb25-100.html
https://helpx.adobe.com/security/products/framemaker/apsb25-101.html
https://helpx.adobe.com/security/products/illustrator/apsb25-102.html
https://helpx.adobe.com/security/products/dimension/apsb25-103.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb25-104.html
Vendor Information
Adobe
https://helpx.adobe.com/security.html/security/security-bulletin.html
CVE Name
CVE-2025-49552
CVE-2025-49553
CVE-2025-54196
CVE-2025-54263
CVE-2025-54265
CVE-2025-54267
CVE-2025-54264
CVE-2025-54266
CVE-2025-54271
CVE-2025-54268
CVE-2025-54278
CVE-2025-54269
CVE-2025-54270
CVE-2025-54279
CVE-2025-61804
CVE-2025-54272
CVE-2025-61796
CVE-2025-61797
CVE-2025-54273
CVE-2025-54274
CVE-2025-54275
CVE-2025-54280
CVE-2025-54276
CVE-2025-54282
CVE-2025-54281
CVE-2025-54283
CVE-2025-54284
CVE-2025-61798
CVE-2025-61799
CVE-2025-61800
CVE-2025-61801
CVE-2025-61802
CVE-2025-61803
CVE-2025-61805
CVE-2025-61806
CVE-2025-61807
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003