Adobe Product Suite May 2025 Routine Security Update Advisory

May 16 2025

Overview

Adobe(https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. Users of affected systems are advised to update to the latest version.

Affected Products

Lightroom 8.2 and earlier versions

Adobe Dreamweaver 21.4 and earlier versions

Adobe Connect 12.8 and earlier

Adobe InDesign id20.2 and earlier

Adobe InDesign id19.5.2 and earlier

Adobe Substance 3D Painter 11.0 and earlier

Photoshop 2025 26.5 and earlier

Photoshop 2024 25.12.2 and earlier

Adobe Animate 2023 23.0.11 and earlier

Adobe Animate 2024 24.0.8 and earlier

Illustrator 2025 29.3 and earlier

Illustrator 2024 28.7.5 and earlier

Adobe Bridge 14.1.6 and earlier

Adobe Bridge 15.0.3 and earlier

Adobe Dimension 4.1.1 and earlier

Adobe Substance 3D Stager 3.1.1 and earlier

Adobe Substance 3D Modeler 1.21.0 and earlier

ColdFusion 2025 update 1

ColdFusion 2023 update 13 and earlier

ColdFusion 2021 update 19 and earlier

Resolved Vulnerabilities

Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Lightroom (CVE-2025-27197)

Arbitrary code execution vulnerability due to resource access with incompatible types (‘type confusion’) in Adobe Dreamweaver (CVE-2025-30310)

Privilege escalation vulnerability due to cross-site scripting (Reflected XSS) in Adobe Connect (CVE-2025-43567)

Arbitrary code execution vulnerability due to cross-site scripting (Reflected XSS) in Adobe Connect (CVE-2025-30314)

Arbitrary code execution vulnerability due to cross-site scripting (Reflected XSS) in Adobe Connect (CVE-2025-30315)

Arbitrary code execution vulnerability due to cross-site scripting (Reflected XSS) in Adobe Connect (CVE-2025-30316)

Arbitrary code execution vulnerability due to out-of-bounds writes in memory in Adobe InDesign (CVE-2025-30318)

Application denial of service vulnerability due to null pointer references in Adobe InDesign (CVE-2025-30319)

Application denial of service vulnerability due to null pointer references in Adobe InDesign (CVE-2025-30320)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Painter (CVE-2025-30322)

Arbitrary code execution vulnerability due to integer value underflow in Photoshop 2025 (CVE-2025-30324)

Arbitrary code execution vulnerability due to integer value overflow in Photoshop 2025 (CVE-2025-30325)

Arbitrary code execution vulnerability due to uninitialized pointer variable access in Photoshop 2025 (CVE-2025-30326)

Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Adobe Animate 2023 (CVE-2025-30328)

Arbitrary code execution vulnerability due to integer value underflow in Adobe Animate 2023 (CVE-2025-43555)

Arbitrary code execution vulnerability due to integer value overflow in Adobe Animate 2023 (CVE-2025-43556)

Arbitrary code execution vulnerability due to uninitialized pointer variable access in Adobe Animate 2023 (CVE-2025-43557)

Application denial of service vulnerability due to a null pointer reference in Adobe Animate 2023 (CVE-2025-30329)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Illustrator 2025 (CVE-2025-30330)

Arbitrary code execution vulnerability due to uninitialized pointer variable access in Adobe Bridge (CVE-2025-43545)

Arbitrary code execution vulnerability due to an integer value underflow in Adobe Bridge (CVE-2025-43546)

Arbitrary code execution vulnerability due to integer value overflow in Adobe Bridge (CVE-2025-43547)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Dimension (CVE-2025-43548)

Arbitrary code execution vulnerability due to an out-of-bounds write in memory in Adobe Dimension (CVE-2025-43572)

Arbitrary code execution vulnerability due to unreleased memory usage (UAF) in Adobe Substance 3D Stager (CVE-2025-43549)

Arbitrary code execution vulnerability due to unbounded memory usage (UAF) in Adobe Substance 3D Stager (CVE-2025-43568)

Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Adobe Substance 3D Stager (CVE-2025-43569)

Arbitrary code execution vulnerability due to unreleased memory usage (UAF) in Adobe Substance 3D Stager (CVE-2025-43570)

Arbitrary code execution vulnerability due to unbounded memory usage (UAF) in Adobe Substance 3D Stager (CVE-2025-43571)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe Substance 3D Stager (CVE-2025-43551)

Arbitrary code execution vulnerability due to uncontrolled search path elements in Adobe Substance 3D Modeler (CVE-2025-43553)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Modeler (CVE-2025-43554)

Arbitrary file read vulnerability due to lack of input validation in ColdFusion 2025 (CVE-2025-43559)

Arbitrary code execution vulnerability due to lack of input validation in ColdFusion 2025 (CVE-2025-43560)

Arbitrary file read vulnerability due to improper access control in ColdFusion 2025 (CVE-2025-43561)

Arbitrary code execution vulnerability due to improper mitigation of certain elements (‘os command injection’) in ColdFusion 2025 (CVE-2025-43562)

Privilege escalation vulnerability due to improper access control in ColdFusion 2025 (CVE-2025-43563)

Arbitrary code execution vulnerability due to malformed authorization in ColdFusion 2025 (CVE-2025-43564)

Arbitrary code execution vulnerability due to improper access control in ColdFusion 2025 (CVE-2025-43565)

Arbitrary file read vulnerability due to lack of pathname restrictions in ColdFusion 2025 (CVE-2025-43566)

Vulnerability Patches

The following product-specific vulnerability patches were made available in the 05/13/2025 update

Lightroom version 8.3

Adobe Dreamweaver version 21.5

Adobe Connect version 12.9

Adobe InDesign id20.3 version

Adobe InDesign id19.5.3 version

Adobe Substance 3D Painter 11.0.0 version

Photoshop 2025 26.6 version

Photoshop 2024 25.12.3 version

Adobe Animate 2023 23.0.12 version

Adobe Animate 2024 24.0.9 version

Illustrator 2025 29.4 version

Illustrator 2024 28.7.6 version

Adobe Bridge 14.1.7 version

Adobe Bridge 15.0.4 version

Adobe Dimension 4.1.2 version

Adobe Substance 3D Stager 3.1.2 version

Adobe Substance 3D Modeler 1.22.0 version

ColdFusion 2025 update 2 version

ColdFusion 2023 update 14 version

ColdFusion 2021 update 20 version

Referenced Sites

Security Bulletins and Advisories

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

APSB25-29 : Security update available for Adobe Lightroom

https://helpx.adobe.com/security/products/lightroom/apsb25-29.html

APSB25-35 : Security update available for Adobe Dreamweaver

https://helpx.adobe.com/security/products/dreamweaver/apsb25-35.html

APSB25-36 : Security update available for Adobe Connect

https://helpx.adobe.com/security/products/connect/apsb25-36.html

APSB25-37 : Security update available for Adobe InDesign

https://helpx.adobe.com/security/products/indesign/apsb25-37.html

APSB25-38 : Security update available for Adobe Substance 3D Painter

https://helpx.adobe.com/security/products/substance3d_painter/apsb25-38.html

APSB25-40 : Security update available for Adobe Photoshop

https://helpx.adobe.com/security/products/photoshop/apsb25-40.html

APSB25-42 : Security update available for Adobe Animate

https://helpx.adobe.com/security/products/animate/apsb25-42.html

APSB25-43 : Security update available for Adobe Illustrator

https://helpx.adobe.com/security/products/illustrator/apsb25-43.html

APSB25-44 : Security update available for Adobe Bridge

https://helpx.adobe.com/security/products/bridge/apsb25-44.html

APSB25-45 : Security update available for Adobe Dimension

https://helpx.adobe.com/security/products/dimension/apsb25-45.html

APSB25-46 : Security update available for Adobe Substance 3D Stager

https://helpx.adobe.com/security/products/substance3d_stager/apsb25-46.html

APSB25-51 : Security update available for Adobe Substance 3D Modeler

https://helpx.adobe.com/security/products/substance3d-modeler/apsb25-51.html

APSB25-52 : Security update available for Adobe ColdFusion

https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html

APSB25-42 : Security update available for Adobe Animate

https://helpx.adobe.com/security/products/animate/apsb25-42.html

APSB25-44 : Security update available for Adobe Bridge

https://helpx.adobe.com/security/products/bridge/apsb25-44.html

APSB25-52 : Security update available for Adobe ColdFusion

https://helpx.adobe.com/security/products/coldfusion/apsb25-52.html

APSB25-36 : Security update available for Adobe Connect

https://helpx.adobe.com/security/products/connect/apsb25-36.html

APSB25-35 : Security update available for Adobe Dreamweaver

https://helpx.adobe.com/security/products/dreamweaver/apsb25-35.html

APSB25-43 : Security update available for Adobe Illustrator

https://helpx.adobe.com/security/products/illustrator/apsb25-43.html

APSB25-37 : Security update available for Adobe InDesign

https://helpx.adobe.com/security/products/indesign/apsb25-37.html

APSB25-29 : Security update available for Adobe Lightroom

https://helpx.adobe.com/security/products/lightroom/apsb25-29.html

APSB25-40 : Security update available for Adobe Photoshop

https://helpx.adobe.com/security/products/photoshop/apsb25-40.html

Adobe Product Suite May 2025 Routine Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Google Chrome Browser (136.0.7103.113/.114) Security Update Advisory

Palo Alto Networks Family May 2025 Security Update Advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Google Chrome Browser (136.0.7103.113/.114) Security Update Advisory

Palo Alto Networks Family May 2025 Security Update Advisory