Security Advisory

Adobe Product Suite March 2025 Routine Security Update Advisory

  • Mar 20 2025
Adobe Product Suite March 2025 Routine Security Update Advisory

Overview

 

Adobe(https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. Users of affected systems are advised to update to the latest version.

 

Affected Products

 

Acrobat DC continuous 25.001.20428 and earlier versions

Acrobat Reader DC continuous 25.001.20428 and earlier

Acrobat 2024 classic 2024 24.001.30225 and earlier

Acrobat 2020 classic 2020 20.005.30748 and earlier

Acrobat Reader 2020 classic 2020 20.005.30748 and earlier

Adobe Substance 3D Sampler 4.5.2 and earlier

Illustrator 2025 29.2.1 and earlier

Illustrator 2024 28.7.4 and earlier

Adobe Substance 3D Painter 10.1.2 and earlier

Adobe InDesign id20.1 and earlier

Adobe InDesign id19.5.2 and earlier

Adobe Substance 3D Modeler 1.15 and earlier

Adobe Substance 3D Designer 14.1 and earlier

 

Resolved Vulnerabilities

 

Arbitrary code execution vulnerability due to unreleased memory usage (UAF) in Acrobat DC (CVE-2025-27174)

Arbitrary code execution vulnerability due to uninitialized pointer variable access in Acrobat DC (CVE-2025-27158)

Arbitrary code execution vulnerability due to unreleased memory usage (UAF) in Acrobat DC (CVE-2025-27159)

Arbitrary code execution vulnerability due to unbounded memory usage (UAF) in Acrobat DC (CVE-2025-27160)

Arbitrary code execution vulnerability due to an out-of-bounds read of memory in Acrobat DC (CVE-2025-27161)

Arbitrary code execution vulnerability due to uninitialized pointer variable access in Acrobat DC (CVE-2025-27162)

Arbitrary code execution vulnerability due to an out-of-bounds read of memory in Acrobat DC (CVE-2025-24431)

Memory leak vulnerability due to an out-of-bounds read of memory in Acrobat DC (CVE-2025-27163)

Memory leak vulnerability due to an out-of-bounds read in memory in Acrobat DC (CVE-2025-27164)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Substance 3D Sampler (CVE-2025-24439)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Sampler (CVE-2025-24440)

Arbitrary code execution vulnerability due to out-of-bounds writes in memory in Adobe Substance 3D Sampler (CVE-2025-24441)

Arbitrary code execution vulnerability due to out-of-bounds writes in memory in Adobe Substance 3D Sampler (CVE-2025-24442)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Substance 3D Sampler (CVE-2025-24443)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Sampler (CVE-2025-24444)

Arbitrary code execution vulnerability due to an out-of-bounds write in memory in Adobe Substance 3D Sampler (CVE-2025-24445)

Arbitrary code execution vulnerability due to an untrusted search path in Illustrator 2025 (CVE-2025-27167)

Arbitrary code execution vulnerability due to a stack-based buffer overflow in Illustrator 2025 (CVE-2025-27168)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Illustrator 2025 (CVE-2025-27169)

Memory leak vulnerability due to out-of-bounds reads in memory in Illustrator 2025 (CVE-2025-24448)

Memory leak vulnerability due to an out-of-bounds read in memory in Illustrator 2025 (CVE-2025-24449)

Application denial of service vulnerability due to a null pointer reference in Illustrator 2025 (CVE-2025-27170)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Painter (CVE-2025-24450)

Arbitrary code execution vulnerability due to out-of-bounds writes in memory in Adobe Substance 3D Painter (CVE-2025-24451)

Memory leak vulnerability due to an out-of-bounds write to memory in Adobe InDesign (CVE-2025-24452)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe InDesign (CVE-2025-24453)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe InDesign (CVE-2025-27166)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe InDesign (CVE-2025-27171)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe InDesign (CVE-2025-27175)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe InDesign (CVE-2025-27177)

Memory leak vulnerability due to an out-of-bounds write to memory in Adobe InDesign (CVE-2025-27178)

Application denial of service vulnerability due to null pointer references in Adobe InDesign (CVE-2025-27176)

Application denial of service vulnerability due to null pointer references in Adobe InDesign (CVE-2025-27179)

Arbitrary code execution vulnerability due to unreleased memory usage (UAF) in Adobe Substance 3D Modeler (CVE-2025-27181)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Substance 3D Modeler (CVE-2025-27173)

Application denial of service vulnerability due to a null pointer reference in Adobe Substance 3D Modeler (CVE-2025-21170)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe Substance 3D Modeler (CVE-2025-27180)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Substance 3D Designer (CVE-2025-21169)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Designer (CVE-2025-27172)

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the 03/11/2025 update

Acrobat DC Continuous version 25.001.20432

Acrobat Reader DC Continuous version 25.001.20432

Acrobat 2024 Classic 2024 24.001.30235 version

Acrobat 2020 Classic 2020 20.005.30763 version

Acrobat Reader 2020 Classic 2020 20.005.30763 version

Adobe Substance 3D Sampler 5.0 version

Illustrator 2025 29.3 and later versions

Illustrator 2024 28.7.5 and later versions

Adobe Substance 3D Painter 11 version

Adobe InDesign ID20.2 version

Adobe InDesign ID version 19.5.3 or later

Adobe Substance 3D Modeler 1.21.0 version

Adobe Substance 3D Designer 14.1.1 version

 

Referenced Sites

 

Security Bulletins and Advisories

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

APSB25-14 : Security update available for Adobe Acrobat Reader

https://helpx.adobe.com/security/products/acrobat/apsb25-14.html

APSB25-16 : Security update available for Adobe Substance 3D Sampler

https://helpx.adobe.com/security/products/substance3d-sampler/apsb25-16.html

APSB25-17 : Security update available for Adobe Illustrator

https://helpx.adobe.com/security/products/illustrator/apsb25-17.html

APSB25-18 : Security update available for Adobe Substance 3D Painter

https://helpx.adobe.com/security/products/substance3d_painter/apsb25-18.html

APSB25-19 : Security update available for Adobe InDesign

https://helpx.adobe.com/security/products/indesign/apsb25-19.html

APSB25-21 : Security update available for Adobe Substance 3D Modeler

https://helpx.adobe.com/security/products/substance3d-modeler/apsb25-21.html

APSB25-22 : Security update available for Adobe Substance 3D Designer

https://helpx.adobe.com/security/products/substance3d_designer/apsb25-22.html

APSB25-14 : Security update available for Adobe Acrobat Reader

https://helpx.adobe.com/security/products/acrobat/apsb25-14.html

APSB25-17 : Security update available for Adobe Illustrator

https://helpx.adobe.com/security/products/illustrator/apsb25-17.html

APSB25-19 : Security update available for Adobe InDesign

https://helpx.adobe.com/security/products/indesign/apsb25-19.html

Tags:
Previous Post

Next Post