Adobe Product Suite September 2025 Routine Security Update Advisory


Overview

 

Adobe (https://adobe.com) has released security updates that address vulnerabilities in its products. Users of affected systems are advised to update to the latest version.

 

Affected Products

 

Acrobat DC continuous

Acrobat Reader DC continuous

Acrobat 2024 classic 2024

Acrobat 2020 classic 2020

Acrobat Reader 2020 classic 2020

Adobe After Effects 24.6.7 and earlier

Adobe After Effects 25.3 and earlier

Adobe Premiere Pro 25.3 and earlier

Adobe Premiere Pro 24.6.5 and earlier

Adobe Commerce 2.4.9-alpha2 and earlier

Adobe Commerce 2.4.8-p2 and earlier

Adobe Commerce 2.4.7-p7 and earlier

Adobe Commerce 2.4.6-p12 and earlier

Adobe Commerce 2.4.5-p14 and earlier

Adobe Commerce 2.4.4-p15 and earlier

Adobe Commerce B2B 1.5.3-alpha2 and earlier

Adobe Commerce B2B 1.5.2-p2 and earlier

Adobe Commerce B2B 1.4.2-p7 and earlier

Adobe Commerce B2B 1.3.4-p14 and earlier

Adobe Commerce B2B 1.3.3-p15 and earlier

Magento Open Source 2.4.9-alpha2 and earlier

Magento Open Source 2.4.8-p2 and earlier

Magento Open Source 2.4.7-p7 and earlier

Magento Open Source 2.4.6-p12 and earlier

Magento Open Source 2.4.5-p14 and earlier

Adobe Substance 3D Viewer 0.25.1 and earlier

Adobe Experience Manager (AEM) Cloud Service (CS)

Adobe Experience Manager (AEM) 6.5 LTS SP1 and earlier

Adobe Experience Manager (AEM) 6.5.23 and earlier

Adobe Dreamweaver 21.5 and earlier versions

Adobe Substance 3D Modeler 1.22.2 and earlier

ColdFusion 2025 update 3 and earlier

ColdFusion 2023 update 15 and earlier

ColdFusion 2021 update 21 and earlier

 

Resolved Vulnerabilities

 

Arbitrary code execution vulnerability due to use of memory after it has been freed (use-after-free, UAF) in Acrobat DC (CVE-2025-54257)

Security feature bypass vulnerability due to a violation of security design principles in Acrobat DC (CVE-2025-54255)

Memory exposure vulnerability due to an out-of-bounds read of memory in Adobe After Effects (CVE-2025-54239)

Memory exposure vulnerability due to an out-of-bounds read of memory in Adobe After Effects (CVE-2025-54240)

Memory exposure vulnerability due to an out-of-bounds read of memory in Adobe After Effects (CVE-2025-54241)

Arbitrary code execution vulnerability due to use of memory after it has been freed (use-after-free, UAF) in Adobe Premiere Pro (CVE-2025-54242)

Security feature bypass vulnerability due to lack of input validation in Adobe Commerce (CVE-2025-54236)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Viewer (CVE-2025-54243)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Substance 3D Viewer (CVE-2025-54244)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Viewer (CVE-2025-54245)

Security feature bypass vulnerability due to lack of input validation in Adobe Experience Manager (AEM) (CVE-2025-54248)

Security feature bypass vulnerability due to malformed authorization in Adobe Experience Manager (AEM) (CVE-2025-54246)

Security feature bypass vulnerability due to poor input validation in Adobe Experience Manager (AEM) (CVE-2025-54247)

Security feature bypass vulnerability due to server-side request forgery (SSRF) in Adobe Experience Manager (AEM) (CVE-2025-54249)

Security feature bypass vulnerability due to lack of input validation in Adobe Experience Manager (AEM) (CVE-2025-54250)

Security feature bypass vulnerability due to XML injection in Adobe Experience Manager (AEM) (CVE-2025-54251)

Security feature bypass vulnerability due to cross-site scripting (stored XSS) in Adobe Experience Manager (AEM) (CVE-2025-54252)

Arbitrary code execution vulnerability due to cross-site request forgery (CSRF) in Adobe Dreamweaver (CVE-2025-54256)

Arbitrary code execution vulnerability due to use of memory after it has been freed (use-after-free, UAF) in Adobe Substance 3D Modeler (CVE-2025-54258)

Arbitrary code execution vulnerability due to an integer overflow in Adobe Substance 3D Modeler (CVE-2025-54259)

Arbitrary code execution vulnerability due to an out-of-bounds read of memory in Adobe Substance 3D Modeler (CVE-2025-54260)

Arbitrary file write vulnerability due to lack of pathname restrictions in ColdFusion 2025 (CVE-2025-54261)

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the September 9, 2025 update:

Acrobat DC continuous

Acrobat Reader DC continuous

Acrobat 2024 classic 2024

Acrobat 2020 classic 2020

Acrobat Reader 2020 classic 2020

Adobe After Effects 24.6.8

Adobe After Effects 25.4

Adobe Premiere Pro 25.4

Adobe Premiere Pro 24.6.8

Adobe Commerce and Magento Open Source hotfix for CVE-2025-54236

Adobe Commerce and Magento Open Source hotfix compatible with all Adobe Commerce and Magento Open Source versions between 2.4.4 – 2.4.7

Adobe Substance 3D Viewer 0.25.2

Adobe Experience Manager (AEM) Cloud Service release 2025.9

Adobe Experience Manager (AEM) 6.5 LTS SP1 (GRANITE-61551 hotfix)

Adobe Experience Manager (AEM) 6.5.23 (GRANITE-61551 hotfix)

Adobe Dreamweaver 21.6

Adobe Substance 3D Modeler 1.22.4

ColdFusion 2025 update 4

ColdFusion 2023 update 16

ColdFusion 2021 update 22

 

Referenced Sites

 

Security Bulletins and Advisories

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

APSB25-85 : Security update available for Adobe Acrobat Reader

https://helpx.adobe.com/security/products/acrobat/apsb25-85.html

APSB25-86 : Security update available for Adobe After Effects

https://helpx.adobe.com/security/products/after_effects/apsb25-86.html

APSB25-87 : Security update available for Adobe Premiere Pro

https://helpx.adobe.com/security/products/premiere_pro/apsb25-87.html

APSB25-88 : Security update available for Adobe Commerce

https://helpx.adobe.com/security/products/magento/apsb25-88.html

APSB25-89 : Security update available for Adobe Substance 3D Viewer

https://helpx.adobe.com/security/products/substance3d-viewer/apsb25-89.html

APSB25-90 : Security update available for Adobe Experience Manager

https://helpx.adobe.com/security/products/experience-manager/apsb25-90.html

APSB25-91 : Security update available for Adobe Dreamweaver

https://helpx.adobe.com/security/products/dreamweaver/apsb25-91.html

APSB25-92 : Security update available for Adobe Substance 3D Modeler

https://helpx.adobe.com/security/products/substance3d-modeler/apsb25-92.html

APSB25-93 : Security update available for Adobe ColdFusion

https://helpx.adobe.com/security/products/coldfusion/apsb25-93.html
