Security Advisory

Adobe Product Suite April 2025 Routine Security Update Advisory

  • Apr 08 2025
Adobe Product Suite April 2025 Routine Security Update Advisory

Overview

 

Adobe(https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. Users of affected systems are advised to update to the latest version.

 

Affected Products

 

ColdFusion 2025 build 331385

ColdFusion 2023 update 12 and earlier

ColdFusion 2021 update 18 and earlier

Adobe After Effects 24.6.4 and earlier

Adobe After Effects 25.1 and earlier

Adobe Media Encoder 24.6.4 and earlier

Adobe Media Encoder 25.1 and earlier

Adobe Bridge 14.1.5 and earlier

Adobe Bridge 15.0.2 and earlier

Adobe Commerce 2.4.8-beta2

Adobe Commerce 2.4.7-p4 and earlier

Adobe Commerce 2.4.6-p9 and earlier

Adobe Commerce 2.4.5-p11 and earlier

Adobe Commerce 2.4.4-p12 and earlier

Adobe Commerce B2B 1.5.1 and earlier

Adobe Commerce B2B 1.4.2-p4 and earlier

Adobe Commerce B2B 1.3.5-p9 and earlier

Adobe Commerce B2B 1.3.4-p11 and earlier

Adobe Commerce B2B 1.3.3-p12 and earlier

Magento Open Source 2.4.8-beta2

Magento Open Source 2.4.7-p4 and earlier

Magento Open Source 2.4.6-p9 and earlier

Magento Open Source 2.4.5-p11 and earlier

Magento Open Source 2.4.4-p12 and earlier

Adobe Experience Manager (AEM) Forms on JEE 6.5.22.0 (aemforms-6.5.0-0093) and earlier

Adobe Premiere Pro 25.1 and earlier

Adobe Premiere Pro 24.6.4 and earlier

Photoshop 2025 26.4.1 and earlier

Photoshop 2024 25.12.1 and earlier

Adobe Animate 2023 23.0.10 and earlier

Adobe Animate 2024 24.0.7 and earlier

Adobe Experience Manager (AEM) Screens aem 6.5 screens fp11.3 and earlier

Adobe FrameMaker 2020 release update 7 and earlier

Adobe FrameMaker 2022 release update 5 and earlier

 

Resolved Vulnerabilities

 

Arbitrary file read vulnerability due to lack of input validation in ColdFusion 2025 (CVE-2025-24446)

Arbitrary code execution vulnerability due to untrusted data deserialization in ColdFusion 2025 (CVE-2025-24447)

Arbitrary file read vulnerability due to improper access control in ColdFusion 2025 (CVE-2025-30281)

Arbitrary code execution vulnerability due to improper authentication in ColdFusion 2025 (CVE-2025-30282)

Arbitrary code execution vulnerability due to untrusted data deserialization in ColdFusion 2025 (CVE-2025-30284)

Arbitrary code execution vulnerability due to untrusted data deserialization in ColdFusion 2025 (CVE-2025-30285)

Arbitrary code execution vulnerability due to improper validation in ColdFusion 2025 (CVE-2025-30286)

Arbitrary code execution vulnerability due to improper authentication in ColdFusion 2025 (CVE-2025-30287)

Security feature bypass vulnerability due to improper access control in ColdFusion 2025 (CVE-2025-30288)

Arbitrary code execution vulnerability due to improper validation in ColdFusion 2025 (CVE-2025-30289)

Security feature bypass vulnerability due to lack of pathname restriction in ColdFusion 2025 (CVE-2025-30290)

Security feature bypass vulnerability due to information leakage in ColdFusion 2025 (CVE-2025-30291)

Arbitrary code execution vulnerability due to cross-site scripting (Reflected XSS) in ColdFusion 2025 (CVE-2025-30292)

Security feature bypass vulnerability due to lack of input validation in ColdFusion 2025 (CVE-2025-30293)

Security feature bypass vulnerability due to lack of input validation in ColdFusion 2025 (CVE-2025-30294)

Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Adobe After Effects (CVE-2025-27182)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe After Effects (CVE-2025-27183)

Memory leak vulnerability due to an out-of-bounds read in memory in Adobe After Effects (CVE-2025-27184)

Application denial of service vulnerability due to a null pointer reference in Adobe After Effects (CVE-2025-27185)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe After Effects (CVE-2025-27186)

Memory leak vulnerability due to an out-of-bounds read in memory in Adobe After Effects (CVE-2025-27187)

Memory leak vulnerability due to an out-of-bounds read in memory in Adobe After Effects (CVE-2025-27204)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Media Encoder (CVE-2025-27194)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Media Encoder (CVE-2025-27195)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Bridge (CVE-2025-27193)

Privilege escalation vulnerability due to lack of authentication in Adobe Commerce ()

Application denial of service vulnerability due to cross-site request forgery (csrf) in Adobe Commerce (B2B Only)

Security feature bypass vulnerability due to improper access control in Adobe Commerce ()

Security Feature Bypass Vulnerability Due to Improper Access Controls in Adobe Commerce ()

Security feature bypass vulnerability due to improperly secured credentials in Adobe Commerce ()

Arbitrary code execution vulnerability due to heap memory-based buffer overflow in Adobe Premiere Pro (CVE-2025-27196)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Photoshop 2025 (CVE-2025-27198)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Animate 2023 (CVE-2025-27199)

Arbitrary code execution vulnerability due to unreleased memory usage (UAF) in Adobe Animate 2023 (CVE-2025-27200)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe Animate 2023 (CVE-2025-27201)

Memory Leak Vulnerability due to an out-of-bounds read in memory in Adobe Animate 2023 (CVE-2025-27202)

Arbitrary code execution vulnerability due to cross-site scripting (Reflected XSS) in Adobe Experience Manager (AEM) Screens (CVE-2025-27205)

Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Adobe FrameMaker (CVE-2025-30304)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe FrameMaker (CVE-2025-30295)

Arbitrary code execution vulnerability due to integer type underflow in Adobe FrameMaker (CVE-2025-30296)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe FrameMaker (CVE-2025-30297)

Arbitrary code execution vulnerability due to a stack-based buffer overflow in Adobe FrameMaker (CVE-2025-30298)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe FrameMaker (CVE-2025-30299)

Application denial of service vulnerability due to a null pointer reference in Adobe FrameMaker (CVE-2025-30300)

Application Denial of Service Vulnerability due to a null pointer reference in Adobe FrameMaker (CVE-2025-30301)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe FrameMaker (CVE-2025-30302)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe FrameMaker (CVE-2025-30303)

 

Vulnerability Patches

 

With the April 8, 2025 update, the following product-specific vulnerability patches were made available

ColdFusion 2025 Update 1

ColdFusion 2023 Update 13

ColdFusion 2021 Update 19

Adobe After Effects 24.6.5

Adobe After Effects 25.2

Adobe Media Encoder 24.6.5

Adobe Media Encoder 25.2

Adobe Bridge 14.1.6

Adobe Bridge 15.0.3

Adobe Commerce B2B 1.5.2 for 1.5.1

Adobe Commerce B2B 1.4.2-p5 for 1.4.2-p4 and later

Adobe Commerce B2B 1.3.5-p10 for 1.3.5-p9 and later

Adobe Commerce B2B 1.3.4-p12 for 1.3.4-p11 and later

Adobe Commerce B2B 1.3.3-p13 for 1.3.3-p12 and later

Magento Open Source 2.4.8 for 2.4.8-beta2

Magento Open Source 2.4.7-p5 for 2.4.7-p4 and later

Magento Open Source 2.4.6-p10 for 2.4.6-p9 and later

Magento Open Source 2.4.5-p12 for 2.4.5-p11 and later versions

Magento Open Source 2.4.4-p13 for 2.4.4-p12 and later versions

Adobe Premiere Pro 25.2

Adobe Premiere Pro 24.6.5

Photoshop 2025 26.5

Photoshop 2024 25.12.2

Adobe Animate 2024 24.0.8

Adobe Experience Manager (AEM) Screens aem 6.5 screens fp11.4

Adobe FrameMaker FrameMaker 2020 Update 8

Adobe FrameMaker FrameMaker 2022 Update 6

 

Referenced Sites

 

Security Bulletins and Advisories

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

APSB25-15 : Security update available for Adobe ColdFusion

https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

APSB25-23 : Security update available for Adobe After Effects

https://helpx.adobe.com/security/products/after_effects/apsb25-23.html

APSB25-24 : Security update available for Adobe Media Encoder

https://helpx.adobe.com/security/products/media-encoder/apsb25-24.html

APSB25-25 : Security update available for Adobe Bridge

https://helpx.adobe.com/security/products/bridge/apsb25-25.html

APSB25-26 : Security update available for Adobe Commerce

https://helpx.adobe.com/security/products/magento/apsb25-26.html

APSB25-27 : Security update available for Adobe AEM Forms

https://helpx.adobe.com/security/products/aem-forms/apsb25-27.html

APSB25-28 : Security update available for Adobe Premiere Pro

https://helpx.adobe.com/security/products/premiere_pro/apsb25-28.html

APSB25-30 : Security update available for Adobe Photoshop

https://helpx.adobe.com/security/products/photoshop/apsb25-30.html

APSB25-31 : Security update available for Adobe Animate

https://helpx.adobe.com/security/products/animate/apsb25-31.html

APSB25-32 : Security update available for Adobe AEM Screens

https://helpx.adobe.com/security/products/aem-screens/apsb25-32.html

APSB25-33 : Security update available for Adobe FrameMaker

https://helpx.adobe.com/security/products/framemaker/apsb25-33.html

APSB25-23 : Security update available for Adobe After Effects

https://helpx.adobe.com/security/products/after_effects/apsb25-23.html

APSB25-31 : Security update available for Adobe Animate

https://helpx.adobe.com/security/products/animate/apsb25-31.html

APSB25-25 : Security update available for Adobe Bridge

https://helpx.adobe.com/security/products/bridge/apsb25-25.html

APSB25-15 : Security update available for Adobe ColdFusion

https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html

APSB25-26 : Security update available for Adobe Commerce

https://helpx.adobe.com/security/products/magento/apsb25-26.html

APSB25-30 : Security update available for Adobe Photoshop

https://helpx.adobe.com/security/products/photoshop/apsb25-30.html

APSB25-28 : Security update available for Adobe Premiere Pro

https://helpx.adobe.com/security/products/premiere_pro/apsb25-28.html

Tags:
Previous Post

Next Post