Adobe released security updates on Tuesday to fix a total of 254 vulnerabilities across its software products, with most of the issues affecting Experience Manager (AEM).
Out of the 254 flaws, 225 are found in AEM, including AEM Cloud Service and all versions up to and including 6.5.22. These have been fixed in AEM Cloud Service Release 2025.5 and version 6.5.23.
According to Adobe, successful exploitation of these vulnerabilities could allow arbitrary code execution, privilege escalation, or bypass of security features.
The vast majority of the 225 AEM vulnerabilities are cross-site scripting (XSS) flaws, including both stored and DOM-based XSS, which could be used to execute arbitrary code. Adobe credited security researchers Jim Green (green-jam), Akshay Sharma (anonymous_blackzero), and lpi for identifying and reporting these XSS vulnerabilities.
Among the most critical issues addressed this month is a code execution vulnerability in Adobe Commerce and Magento Open Source. The flaw, tracked as CVE-2025-47110 and rated critical with a CVSS score of 9.1, is a reflected XSS issue that could lead to arbitrary code execution. Adobe also resolved an improper authorization issue, CVE-2025-43585 (CVSS score: 8.2), that could result in a security feature bypass.
The affected versions include:
- Adobe Commerce (2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier, 2.4.4-p13 and earlier)
- Adobe Commerce B2B (1.5.2 and earlier, 1.4.2-p5 and earlier, 1.3.5-p10 and earlier, 1.3.4-p12 and earlier, 1.3.3-p13 and earlier)
- Magento Open Source (2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier)
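To check an installed release against the list above, the entries can be parsed directly. This is an added example, not Adobe's code; the function names are hypothetical, and it assumes "1.5.2 and earlier" means the 1.5.x line up to 1.5.2.

```python
import re

# Affected-version strings copied verbatim from the list above.
AFFECTED = {
    "Adobe Commerce": "2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, "
                      "2.4.5-p12 and earlier, 2.4.4-p13 and earlier",
    "Adobe Commerce B2B": "1.5.2 and earlier, 1.4.2-p5 and earlier, "
                          "1.3.5-p10 and earlier, 1.3.4-p12 and earlier, "
                          "1.3.3-p13 and earlier",
    "Magento Open Source": "2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, "
                           "2.4.5-p12 and earlier",
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")
SUFFIX = " and earlier"


def parse_version(text):
    """'2.4.7-p5' -> (2, 4, 7, 5); a release without -pN gets patch level 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def parse_rule(entry):
    """One list entry -> (ceiling, count of leading fields that must match)."""
    entry = entry.strip()
    earlier = entry.endswith(SUFFIX)
    base = entry[: -len(SUFFIX)] if earlier else entry
    ceiling = parse_version(base)
    if not earlier:
        return ceiling, 4      # exact release only, e.g. "2.4.8"
    if "-p" in base:
        return ceiling, 3      # same x.y.z line, patch level <= N
    return ceiling, 2          # assumption: same x.y line, e.g. 1.5.0 to 1.5.2


def is_listed_affected(product, installed):
    """True if `installed` matches an entry listed for `product`.
    False only means "not in the list above"; that includes release
    lines the page does not mention at all (for example 2.4.3)."""
    version = parse_version(installed)
    for entry in AFFECTED[product].split(","):
        ceiling, fixed = parse_rule(entry)
        if version[:fixed] == ceiling[:fixed] and version <= ceiling:
            return True
    return False
```

A `False` result is not a statement that a release is safe: unsupported lines and pre-release builds fall outside the list and need to be assessed separately.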
Other updates addressed four code execution vulnerabilities in Adobe InCopy (CVE-2025-30327, CVE-2025-47107; both with CVSS scores of 7.8) and in Substance 3D Sampler (CVE-2025-43581, CVE-2025-43588; also with CVSS scores of 7.8).
None of the vulnerabilities have been reported as publicly known or exploited in the wild. Adobe strongly recommends updating to the latest versions to reduce exposure to potential security risks.