Security Advisory

Adobe Product Suite January 2025 Routine Security Update Advisory

  • Jan 14 2025

Overview

 

Adobe(https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. Users of affected systems are advised to update to the latest version.

 

Affected Products

 

Photoshop 2025 26.1 and below

Photoshop 2024 25.12 and below

Adobe Substance 3D Stager 3.0.4 and below

Adobe Illustrator on iPad 3.0.7 and below

Adobe Animate 2023 23.0.9 and below

Adobe Animate 2024 24.0.6 and below

Adobe Substance 3D Designer 14.0 and below

 

Resolved Vulnerabilities

 

Arbitrary code execution vulnerability due to uncontrolled search path elements in Photoshop (CVE-2025-21127)

Arbitrary code execution vulnerability due to integer type underflow in Photoshop (CVE-2025-21122)

Arbitrary code execution vulnerability due to a stack-based buffer overflow in Adobe Substance 3D Stager (CVE-2025-21128)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Substance 3D Stager (CVE-2025-21129)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Stager (CVE-2025-21130)

Arbitrary code execution vulnerability due to out-of-bounds writes in memory in Adobe Substance 3D Stager (CVE-2025-21131)

Arbitrary code execution vulnerability due to out-of-bounds writes in memory in Adobe Substance 3D Stager (CVE-2025-21132)

Arbitrary code execution vulnerability due to integer underflow in Adobe Illustrator on iPad (CVE-2025-21133)

Arbitrary code execution vulnerability due to integer type underflow in Adobe Illustrator on iPad (CVE-2025-21134)

Arbitrary code execution vulnerability due to integer type underflow in Adobe Animate 2023 (CVE-2025-21135)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Designer (CVE-2025-21136)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Substance 3D Designer (CVE-2025-21137)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Designer (CVE-2025-21138)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Substance 3D Designer (CVE-2025-21139)

 

Vulnerability Patches

 

The following product-specific Vulnerability Patches were made available in the January 14, 2025 update

Photoshop 2025 26.2

Photoshop 2024 25.12.1

Adobe Substance 3D Stager 3.1.0

Adobe Illustrator on iPad 3.0.8

Adobe Animate 2024 24.0.7

Adobe Animate 2024 23.0.10

Adobe Substance 3D Designer 14.1

 

Referenced Sites

 

Security Bulletins and Advisories

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

APSB25-02 : Security update available for Adobe Photoshop

https://helpx.adobe.com/security/products/photoshop/apsb25-02.html

APSB25-03 : Security update available for Adobe Substance3D Stager

https://helpx.adobe.com/security/products/substance3d_stager/apsb25-03.html

APSB25-04 : Security update available for Adobe Illustrator for iPad

https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-04.html

APSB25-05 : Security update available for Adobe Animate

https://helpx.adobe.com/security/products/animate/apsb25-05.html

APSB25-06 : Security update available for Adobe Substance3D Designer

https://helpx.adobe.com/security/products/substance3d_designer/apsb25-06.html

APSB25-05 : Security update available for Adobe Animate

https://helpx.adobe.com/security/products/animate/apsb25-05.html

APSB25-02 : Security update available for Adobe Photoshop

https://helpx.adobe.com/security/products/photoshop/apsb25-02.html

Tags:

Previous Post

Next Post