Adobe Product Suite February 2025 Routine Security Update Advisory

Feb 12 2025

Overview

Adobe(https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. Users of affected systems are advised to update to the latest version.

Affected Products

Adobe InDesign id20.0 and below

Adobe InDesign id19.5.1 and earlier versions

Adobe Commerce 2.4.8-beta1 and earlier versions

Adobe Commerce 2.4.7-p3 and earlier versions

Adobe Commerce 2.4.6-p8 and earlier

Adobe Commerce 2.4.5-p10 and earlier

Adobe Commerce 2.4.4-p11 and earlier

Adobe Commerce B2B 1.5.0 and earlier

Adobe Commerce B2B 1.4.2-p3 and earlier

Adobe Commerce B2B 1.3.5-p8 and earlier

Adobe Commerce B2B 1.3.4-p10 and earlier

Adobe Commerce B2B 1.3.3-p11 and earlier

Magento Open Source 2.4.8-beta1 version

Magento Open Source 2.4.7-p3 and below

Magento Open Source 2.4.6-p8 and below

Magento Open Source 2.4.5-p10 and below

Magento Open Source 2.4.4-p11 and below

Adobe Substance 3D Stager 3.1.0 and below

Adobe InCopy 20.0 and below

Adobe InCopy 19.5.1 and earlier

Illustrator 2025 29.1 and earlier

Illustrator 2024 28.7.3 and earlier

Adobe Substance 3D Designer 14.0.2 and earlier

Photoshop Elements 2025.0 [build: 20240918.pse.cae27345, 20240918.pse.d3263bae (mac arm) versions

Resolved Vulnerabilities

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe InDesign (CVE-2025-21157)

Arbitrary code execution vulnerability due to integer underflow in Adobe InDesign (CVE-2025-21158)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe InDesign (CVE-2025-21121)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe InDesign (CVE-2025-21123)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe InDesign (CVE-2025-21124)

Application denial of service vulnerability due to a null pointer reference in Adobe InDesign (CVE-2025-21125)

Application Denial of Service Vulnerability in Adobe InDesign Due to Insufficient Input Value Validation (CVE-2025-21126)

Elevation of privilege vulnerability due to lack of pathname restriction in Adobe Commerce (CVE-2025-24406)

Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2025-24407)

Privilege escalation vulnerability due to information leakage in Adobe Commerce (CVE-2025-24408)

Security feature bypass vulnerability due to lack of authentication in Adobe Commerce (CVE-2025-24409)

Privilege escalation vulnerability due to lack of authentication in Adobe Commerce (CVE-2025-24434)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2025-24410)

Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2025-24411)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2025-24412)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2025-24438)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2025-24413)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2025-24414)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2025-24415)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2025-24416)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2025-24417)

Privilege escalation vulnerability due to a violation of security design principles in Adobe Commerce (CVE-2025-24418)

Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2025-24419)

Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2025-24420)

Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2025-24421)

Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2025-24422)

Privilege escalation vulnerability due to improper access controls in Adobe Commerce (CVE-2025-24423)

Privilege escalation vulnerability due to improper access control in Adobe Commerce (CVE-2025-24435)

Privilege escalation vulnerability due to improper access control in Adobe Commerce (CVE-2025-24436)

Privilege Escalation Vulnerability Due to Improper Access Control in Adobe Commerce (CVE-2025-24437)

Security Feature Bypass Vulnerability Due to Improper Access Control in Adobe Commerce (CVE-2025-24424)

Security feature bypass vulnerability due to a business logic error in Adobe Commerce (CVE-2025-24425)

Security Feature Bypass Vulnerability Due to Improper Access Control in Adobe Commerce (CVE-2025-24426)

Security Feature Bypass Vulnerability Due to Improper Access Controls in Adobe Commerce (CVE-2025-24427)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2025-24428)

Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2025-24429)

Security feature bypass vulnerability due to time-of-check time-of-use (toctou) race condition in Adobe Commerce (CVE-2025-24430)

Security feature bypass vulnerability due to a time-of-check time-of-use (toctou) race condition in Adobe Commerce (CVE-2025-24432)

Application denial of service vulnerability due to a null pointer reference in Adobe Substance 3D Stager (CVE-2025-21155)

Arbitrary code execution vulnerability due to an integer type underflow in Adobe InCopy (CVE-2025-21156)

Arbitrary code execution vulnerability due to unclaimed memory usage (UAF) in Illustrator 2025 (CVE-2025-21159)

Arbitrary code execution vulnerability due to integer underflow in Illustrator 2025 (CVE-2025-21160)

Arbitrary code execution vulnerability due to a stack-based buffer overflow in Illustrator 2025 (CVE-2025-21163)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Designer (CVE-2025-21161)

Privilege escalation vulnerability in Photoshop Elements due to the creation of a temporary file in a directory with incorrect permissions (CVE-2025-21162)

Vulnerability Patches

The following product-specific vulnerability patches were made available in the 02/11/2025 update

Adobe InDesign ID20.1

Adobe InDesign ID19.5.2

Adobe Commerce 2.4.8-beta2 for 2.4.8-beta1

Adobe Commerce 2.4.7-p4 for 2.4.7-p3

Adobe Commerce 2.4.6-p9 for 2.4.6-p8

Adobe Commerce 2.4.5-p11 for 2.4.5-p10

Adobe Commerce 2.4.4-p12 for 2.4.4-p11

Adobe Commerce B2B 1.5.1

Adobe Commerce B2B 1.4.2-p4 for 1.4.2-p3

Adobe Commerce B2B 1.3.5-p9 for 1.3.5-p8

Adobe Commerce B2B 1.3.4-p11 for 1.3.4-p10

Adobe Commerce B2B 1.3.3-p12 for 1.3.3-p11

Magento Open Source 2.4.8-beta2 for 2.4.8-beta1

Magento Open Source 2.4.7-p4 for 2.4.7-p3

Magento Open Source 2.4.6-p9 for 2.4.6-p8

Magento Open Source 2.4.5-p11 for 2.4.5-p10

Magento Open Source 2.4.4-p12 for 2.4.4-p11

Adobe Commerce and Magento Open Source Isolated patch for CVE-2025-24434

Adobe Substance 3D Stager 3.1.1

Adobe InCopy 20.1

Adobe InCopy 19.5.2

Illustrator 2025 29.2.1

Illustrator 2024 28.7.4

Adobe Substance 3D Designer 14.1

Photoshop Elements 2025.1 [build: 20250124.PSE.f552973b, 20250124.PSE.5345f07d (Mac ARM)]

Referenced Sites

Security Bulletins and Advisories

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

APSB25-01 : Security update available for Adobe InDesign

https://helpx.adobe.com/security/products/indesign/apsb25-01.html

APSB25-08 : Security update available for Adobe Commerce

https://helpx.adobe.com/security/products/magento/apsb25-08.html

APSB25-09 : Security update available for Adobe Substance 3D Stager

https://helpx.adobe.com/security/products/substance3d_stager/apsb25-09.html

APSB25-10 : Security update available for Adobe InCopy

https://helpx.adobe.com/security/products/incopy/apsb25-10.html

APSB25-11 : Security update available for Adobe Illustrator

https://helpx.adobe.com/security/products/illustrator/apsb25-11.html

APSB25-12 : Security update available for Adobe Substance 3D Designer

https://helpx.adobe.com/security/products/substance3d_designer/apsb25-12.html

APSB25-13 : Security update available for Adobe Photoshop Elements

https://helpx.adobe.com/security/products/photoshop_elements/apsb25-13.html

APSB25-11 : Security update available for Adobe Illustrator

https://helpx.adobe.com/security/products/illustrator/apsb25-11.html

APSB25-10 : Security update available for Adobe InCopy

https://helpx.adobe.com/security/products/incopy/apsb25-10.html

APSB25-01 : Security update available for Adobe InDesign

https://helpx.adobe.com/security/products/indesign/apsb25-01.html

APSB25-08 : Security update available for Adobe Commerce

https://helpx.adobe.com/security/products/magento/apsb25-08.html

APSB25-13 : Security update available for Adobe Photoshop Elements

https://helpx.adobe.com/security/products/photoshop_elements/apsb25-13.html

Adobe Product Suite February 2025 Routine Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

MS Family February 2025 Routine Security Update Advisory

GitLab Product Security Update Advisory (CVE-2024-7102)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

MS Family February 2025 Routine Security Update Advisory

GitLab Product Security Update Advisory (CVE-2024-7102)