Adobe Product Suite July 2025 Routine Security Update Advisory
Overview
Adobe (https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. Users of affected systems are advised to update to the latest version.
Affected Products
ColdFusion 2025 Update 2 and earlier
ColdFusion 2023 Update 14 and earlier
ColdFusion 2021 Update 20 and earlier
Adobe Experience Manager (AEM) Screens AEM 6.5.22 Screens FP11.4
Adobe Experience Manager (AEM) Forms on JEE 6.5.23.0 and earlier
Adobe FrameMaker 2020 Release Update 8 and earlier
Adobe FrameMaker 2022 Release Update 6 and earlier
Illustrator 2025 29.5.1 and earlier
Illustrator 2024 28.7.6 and earlier
Adobe Substance 3D Stager 3.1.2 and earlier
Adobe Dimension 4.1.2 and earlier
Connect Windows App 24 and earlier
Adobe InDesign ID20.3 and earlier
Adobe InDesign ID19.5.3 and earlier
Adobe InCopy 20.3 and earlier
Adobe InCopy 19.5.3 and earlier
Adobe Audition 24.6.3 and earlier
Adobe Audition 25.2 and earlier
Adobe Substance 3D Viewer 0.22 and earlier
Adobe After Effects 24.6.6 and earlier
Adobe After Effects 25.2 and earlier
Resolved Vulnerabilities
Arbitrary file system read vulnerability due to improperly restricting external XML entity references in ColdFusion (CVE-2025-49535)
Elevation of privilege vulnerability due to the use of hardcoded credentials in ColdFusion (CVE-2025-49551)
Security feature bypass vulnerability due to malformed authorization in ColdFusion (CVE-2025-49536)
Arbitrary file system read vulnerability due to improper sanitization of special elements used in operating system instructions in ColdFusion (CVE-2025-49537)
Arbitrary file system read vulnerability due to XML injection in ColdFusion (CVE-2025-49538)
Security feature bypass vulnerability due to improperly restricting external XML entity references in ColdFusion (CVE-2025-49539)
Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in ColdFusion (CVE-2025-49540)
Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in ColdFusion (CVE-2025-49541)
Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in ColdFusion (CVE-2025-49542)
Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in ColdFusion (CVE-2025-49543)
Security feature bypass vulnerability due to improperly restricting external XML entity references in ColdFusion (CVE-2025-49544)
Arbitrary file system read vulnerability due to server-side request forgery in ColdFusion (CVE-2025-49545)
Application denial of service vulnerability due to improper access control in ColdFusion (CVE-2025-49546)
Arbitrary code execution vulnerability due to cross-site scripting (Reflected XSS) in Adobe Experience Manager (AEM) Screens (CVE-2025-49534)
Arbitrary code execution vulnerability due to cross-site scripting (Reflected XSS) in Adobe Experience Manager (AEM) Screens (CVE-2025-49547)
Arbitrary code execution vulnerability due to deserialization of untrusted data in Adobe Experience Manager (AEM) Forms on JEE (CVE-2025-49533)
Arbitrary code execution vulnerability due to uninitialized pointer access in Adobe FrameMaker (CVE-2025-47121)
Arbitrary code execution vulnerability due to a heap-based buffer overflow in Adobe FrameMaker (CVE-2025-47122)
Arbitrary code execution vulnerability due to a heap-based buffer overflow in Adobe FrameMaker (CVE-2025-47123)
Arbitrary code execution vulnerability due to an out-of-bounds write in Adobe FrameMaker (CVE-2025-47124)
Arbitrary code execution vulnerability due to a heap-based buffer overflow in Adobe FrameMaker (CVE-2025-47125)
Arbitrary code execution vulnerability due to an out-of-bounds write in Adobe FrameMaker (CVE-2025-47126)
Arbitrary code execution vulnerability due to out-of-bounds write in Adobe FrameMaker (CVE-2025-47127)
Arbitrary code execution vulnerability due to integer underflow in Adobe FrameMaker (CVE-2025-47128)
Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Adobe FrameMaker (CVE-2025-47129)
Arbitrary code execution vulnerability due to an integer underflow in Adobe FrameMaker (CVE-2025-47130)
Arbitrary code execution vulnerability due to heap-based buffer overflow in Adobe FrameMaker (CVE-2025-47131)
Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe FrameMaker (CVE-2025-47132)
Arbitrary code execution vulnerability due to out-of-bounds writes in memory in Adobe FrameMaker (CVE-2025-47133)
Memory leak vulnerability due to a stack-based buffer overflow in Adobe FrameMaker (CVE-2025-47120)
Application denial of service vulnerability due to null pointer dereference in Adobe FrameMaker (CVE-2025-47119)
Arbitrary code execution vulnerability due to an out-of-bounds write in Illustrator (CVE-2025-49526)
Arbitrary code execution vulnerability due to a stack-based buffer overflow in Illustrator (CVE-2025-49527)
Arbitrary code execution vulnerability due to a stack-based buffer overflow in Illustrator (CVE-2025-49528)
Arbitrary code execution vulnerability due to uninitialized pointer access in Illustrator (CVE-2025-49529)
Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Illustrator (CVE-2025-49530)
Arbitrary code execution vulnerability due to integer overflow or wrapping in Illustrator (CVE-2025-49531)
Arbitrary code execution vulnerability due to integer underflow in Illustrator (CVE-2025-49532)
Memory leak vulnerability due to an out-of-bounds read of memory in Illustrator (CVE-2025-30313)
Application denial of service vulnerability due to null pointer dereference in Illustrator (CVE-2025-49524)
Memory leak vulnerability due to an out-of-bounds read of memory in Illustrator (CVE-2025-49525)
Memory leak vulnerability due to an out-of-bounds read in memory in Adobe Substance 3D Stager (CVE-2025-27165)
Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Adobe Dimension (CVE-2025-30312)
Memory leak vulnerability due to an out-of-bounds read in memory in Adobe Dimension (CVE-2025-47135)
Arbitrary code execution vulnerability due to deserialization of untrusted data in the Connect Windows App (CVE-2025-27203)
Arbitrary code execution vulnerability due to integer underflow in Adobe InDesign (CVE-2025-47136)
Arbitrary code execution vulnerability due to heap-based buffer overflow in Adobe InDesign (CVE-2025-43591)
Arbitrary code execution vulnerability due to uninitialized pointer access in Adobe InDesign (CVE-2025-43592)
Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Adobe InDesign (CVE-2025-43594)
Arbitrary code execution vulnerability due to a heap-based buffer overflow in Adobe InDesign (CVE-2025-47103)
Arbitrary code execution vulnerability due to a heap-based buffer overflow in Adobe InDesign (CVE-2025-47134)
Arbitrary code execution vulnerability due to an integer underflow in Adobe InCopy (CVE-2025-47097)
Arbitrary code execution vulnerability due to uninitialized pointer access in Adobe InCopy (CVE-2025-47098)
Arbitrary code execution vulnerability due to heap-based buffer overflow in Adobe InCopy (CVE-2025-47099)
Application denial of service vulnerability due to access to a memory location outside the end of a buffer in Adobe Audition (CVE-2025-43580)
Arbitrary code execution vulnerability due to a heap-based buffer overflow in Adobe Substance 3D Viewer (CVE-2025-43582)
Application denial of service vulnerability due to null pointer dereference in Adobe Substance 3D Viewer (CVE-2025-43583)
Memory leak vulnerability due to an out-of-bounds read of memory in Adobe Substance 3D Viewer (CVE-2025-43584)
Application denial of service vulnerability due to null pointer dereference in Adobe After Effects (CVE-2025-47109)
Memory leak vulnerability due to an out-of-bounds read of memory in Adobe After Effects (CVE-2025-43587)
Vulnerability Patches
The following product-specific Vulnerability Patches were made available in the 07/08/2025 update
ColdFusion 2025 Update 3
ColdFusion 2023 Update 15
ColdFusion 2021 Update 21
Adobe Experience Manager (AEM) Screens AEM 6.5.22 Screens FP11.6
Adobe Experience Manager (AEM) Forms on JEE 6.5.0.0.0.20250527.0
Adobe FrameMaker 2020 Release Update 9
Adobe FrameMaker 2022 Release Update 7
Illustrator 2025 29.6 and later versions
Illustrator 2024 28.7.8 and later versions
Adobe Substance 3D Stager 3.1.3
Adobe Dimension 4.1.3
Connect Windows App 25.1
Adobe InDesign ID20.4
Adobe InDesign ID19.5.4
Adobe InCopy 20.4
Adobe InCopy 19.5.4
Adobe Audition 24.6.7
Adobe Audition 25.3
Adobe Substance 3D Viewer 0.25
Adobe After Effects 24.6.7
Adobe After Effects 25.3
Referenced Sites
[1] Security updates available for Adobe ColdFusion | APSB25-69
https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html
[2] Security updates available for Adobe Experience Manager Screens | APSB25-68
https://helpx.adobe.com/security/products/aem-screens/apsb25-68.html
[3] Security updates available for Adobe Experience Manager Forms | APSB25-67
https://helpx.adobe.com/security/products/aem-forms/apsb25-67.html
[4] Security Updates Available for Adobe FrameMaker | APSB25-66
http://helpx.adobe.com/security/products/framemaker/apsb25-66.html
[5] Security Updates Available for Adobe Illustrator | APSB25-65
https://helpx.adobe.com/security/products/illustrator/apsb25-65.html
[6] Security updates available for Substance 3D Stager | APSB25-64
https://helpx.adobe.com/security/products/substance3d_stager/apsb25-64.html
[7] Security updates available for Adobe Dimension | APSB25-63
https://helpx.adobe.com/security/products/dimension/apsb25-63.html
[8] Security update available for Adobe Connect | APSB25-61
https://helpx.adobe.com/security/products/connect/apsb25-61.html
[9] Security Update Available for Adobe InDesign | APSB25-60
https://helpx.adobe.com/security/products/indesign/apsb25-60.html
[10] Security Update Available for Adobe InCopy | APSB25-59
https://helpx.adobe.com/security/products/incopy/apsb25-59.html
[11] Security Updates Available for Adobe Audition | APSB25-56
https://helpx.adobe.com/security/products/audition/apsb25-56.html
[12] Security updates available for Substance 3D Viewer | APSB25-54
https://helpx.adobe.com/security/products/substance3d-viewer/apsb25-54.html
[13] Security Updates Available for Adobe After Effects | APSB25-49
https://helpx.adobe.com/security/products/after_effects/apsb25-49.html