Security Advisory

Adobe Product Suite October 2025 Routine Security Update Advisory

  • Oct 15 2025
Adobe Product Suite October 2025 Routine Security Update Advisory

Overview

 

Adobe(https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. Users of affected systems are advised to update to the latest version.

 

Affected Products

 

Adobe Connect 12.9 and earlier versions

Adobe Commerce 2.4.9-alpha2 and earlier

Adobe Commerce 2.4.8-p2 and earlier

Adobe Commerce 2.4.7-p7 and earlier

Adobe Commerce 2.4.6-p12 and earlier

Adobe Commerce 2.4.5-p14 and earlier

Adobe Commerce 2.4.4-p15 and earlier

Adobe Commerce B2B 1.5.3-alpha2 and earlier

Adobe Commerce B2B 1.5.2-p2 and earlier

Adobe Commerce B2B 1.4.2-p7 and earlier

Adobe Commerce B2B 1.3.5-p12 and earlier

Adobe Commerce B2B 1.3.4-p14 and earlier

Adobe Commerce B2B 1.3.3-p15 and earlier

Magento Open Source 2.4.9-alpha2 and earlier

Magento Open Source 2.4.8-p2 and earlier

Magento Open Source 2.4.7-p7 and earlier

Magento Open Source 2.4.6-p12 and earlier

Magento Open Source 2.4.5-p14 and earlier

Creative Cloud Desktop Application 6.7.0.278 and earlier

Adobe Bridge 14.1.8 (lts) and earlier

Adobe Bridge 15.1.1 and earlier

Adobe Animate 2023 23.0.13 and earlier

Adobe Animate 2024 24.0.10 and earlier

Adobe Experience Manager (AEM) Screens aem 6.5.22 screens fp11.6

Adobe Substance 3D Viewer 0.25.2 and earlier

Adobe Substance 3D Modeler 1.22.3 and earlier

Adobe FrameMaker 2020 release update 9 and earlier

Adobe FrameMaker 2022 release update 7 and earlier

Illustrator 2025 29.7 and earlier

Illustrator 2024 28.7.9 and earlier

Adobe Dimension 4.1.4 and earlier

Adobe Substance 3D Stager 3.1.4 and earlier

 

Resolved Vulnerabilities

 

Arbitrary code execution vulnerability due to cross-site scripting (Dom-based XSS) in Adobe Connect (CVE-2025-49552)

Arbitrary code execution vulnerability due to cross-site scripting (Dom-based XSS) in Adobe Connect (CVE-2025-49553)

Security feature bypass vulnerability due to url redirection to untrusted site (‘open redirect’) in Adobe Connect (CVE-2025-54196)

Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2025-54263)

Privilege escalation vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2025-54264)

Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2025-54265)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2025-54266)

Privilege escalation vulnerability due to malformed authorization in Adobe Commerce (CVE-2025-54267)

Arbitrary file write vulnerability due to a time-of-check time-of-use (toctou) race condition in Creative Cloud Desktop Application (CVE-2025-54271)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Bridge (CVE-2025-54268)

Memory exposure vulnerability due to a heap memory-based buffer overflow in Adobe Bridge (CVE-2025-54278)

Arbitrary code execution vulnerability due to unclaimed memory usage (UAF) in Adobe Animate 2023 (CVE-2025-54279)

Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe Animate 2023 (CVE-2025-61804)

Memory exposure vulnerability due to an out-of-bounds read of memory in Adobe Animate 2023 (CVE-2025-54269)

Memory exposure vulnerability due to a null pointer reference in Adobe Animate 2023 (CVE-2025-54270)

Arbitrary code execution vulnerability due to cross-site scripting (Reflected XSS) in Adobe Experience Manager (AEM) Screens (CVE-2025-54272)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) Screens (CVE-2025-54296)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) Screens (CVE-2025-54297)

Arbitrary code execution vulnerability due to out-of-bounds writes in memory in Adobe Substance 3D Viewer (CVE-2025-54273)

Arbitrary code execution vulnerability due to a stack-based buffer overflow in Adobe Substance 3D Viewer (CVE-2025-54274)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Viewer (CVE-2025-54280)

Application denial of service vulnerability due to out-of-bounds writes to memory in Adobe Substance 3D Viewer (CVE-2025-54275)

Arbitrary code execution vulnerability due to an out-of-bounds read in memory in Adobe Substance 3D Modeler (CVE-2025-54276)

Arbitrary code execution vulnerability due to an out-of-bounds write in memory in Illustrator 2025 (CVE-2025-54283)

Arbitrary code execution vulnerability due to out-of-bounds writes in memory in Illustrator 2025 (CVE-2025-54284)

Arbitrary code execution vulnerability due to an out-of-bounds read in memory in Adobe Dimension (CVE-2025-61798)

Arbitrary code execution vulnerability due to an out-of-bounds read in memory in Adobe Dimension (CVE-2025-61799)

Arbitrary code execution vulnerability due to integer value overflow in Adobe Dimension (CVE-2025-61800)

Arbitrary code execution vulnerability due to unreleased memory usage (UAF) in Adobe Dimension (CVE-2025-61801)

Arbitrary code execution vulnerability due to unbounded memory usage (UAF) in Adobe Substance 3D Stager (CVE-2025-61802)

Arbitrary code execution vulnerability due to an integer value overflow in Adobe Substance 3D Stager (CVE-2025-61803)

Arbitrary code execution vulnerability due to an out-of-bounds read in memory in Adobe Substance 3D Stager (CVE-2025-61805)

Arbitrary code execution vulnerability due to an out-of-bounds read in memory in Adobe Substance 3D Stager (CVE-2025-61806)

Arbitrary code execution vulnerability due to an integer value overflow in Adobe Substance 3D Stager (CVE-2025-61807)

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the October 14, 2025 update

Adobe Connect 12.10

Adobe Commerce 2.4.9-alpha3 for 2.4.9-alpha2

Adobe Commerce 2.4.8-p3 for 2.4.8-p2 and earlier

Adobe Commerce 2.4.7-p8 for 2.4.7-p7 and earlier

Adobe Commerce 2.4.6-p13 for 2.4.6-p12 and earlier

Adobe Commerce 2.4.5-p15 for 2.4.5-p14 and earlier

Adobe Commerce 2.4.4 p16 for 2.4.4-p15 and earlier

Adobe Commerce B2B 1.5.3-alpha3 for 1.5.3-alpha2

Adobe Commerce B2B 1.5.2-p3 for 1.5.2-p2 and earlier

Adobe Commerce B2B 1.4.2-p8 for 1.4.2-p7 and earlier

Adobe Commerce B2B 1.3.4-p13 for 1.3.4-p12 and earlier

Adobe Commerce B2B 1.3.3-p14 for 1.3.3-p13 and earlier

Adobe Commerce B2B 1.3.3-p16 for 1.3.3-p15 and earlier

Magento Open Source 2.4.9-alpha3 for 2.4.9-alpha2

Magento Open Source 2.4.8-p3 for 2.4.8-p2 and earlier

Magento Open Source 2.4.7-p8 for 2.4.7-p7 and earlier

Magento Open Source 2.4.6-p13 for 2.4.6-p12 and earlier

Magento Open Source 2.4.5-p15 for 2.4.5-p14 and earlier

Creative Cloud Desktop Application 6.8.0.821

Adobe Bridge 14.1.9 (lts)

Adobe Bridge 15.1.2

Adobe Animate 2023 23.0.15

Adobe Animate 2024 24.0.12

Adobe Experience Manager (AEM) Screens aem 6.5.22 screens fp11.7

Adobe Substance 3D Viewer 0.25.3

Adobe Substance 3D Modeler 1.22.4

Adobe FrameMaker framemaker 2020 update 10

Adobe FrameMaker framemaker 2022 update 8

Illustrator 2025 29.8 and later

Illustrator 2024 28.7.10 and later

Adobe Dimension 4.1.5

Adobe Substance 3D Stager 3.1.5

 

Referenced Sites

 

Security Bulletins and Advisories

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

APSB25-70 : Security update available for Adobe Connect

https://helpx.adobe.com/security/products/connect/apsb25-70.html

APSB25-94 : Security update available for Adobe Commerce

https://helpx.adobe.com/security/products/magento/apsb25-94.html

APSB25-95 : Security update available for Adobe Creative Cloud Desktop

https://helpx.adobe.com/security/products/creative-cloud/apsb25-95.html

APSB25-96 : Security update available for Adobe Bridge

https://helpx.adobe.com/security/products/bridge/apsb25-96.html

APSB25-97 : Security update available for Adobe Animate

https://helpx.adobe.com/security/products/animate/apsb25-97.html

APSB25-98 : Security update available for Adobe Experience Manager Screens

https://helpx.adobe.com/security/products/aem-screens/apsb25-98.html

APSB25-99 : Security update available for Adobe Substance 3D Viewer

https://helpx.adobe.com/security/products/substance3d-viewer/apsb25-99.html

APSB25-100 : Security update available for Adobe Substance 3D Modeler

https://helpx.adobe.com/security/products/substance3d-modeler/apsb25-100.html

APSB25-101 : Security update available for Adobe FrameMaker

https://helpx.adobe.com/security/products/framemaker/apsb25-101.html

APSB25-102 : Security update available for Adobe Illustrator

https://helpx.adobe.com/security/products/illustrator/apsb25-102.html

APSB25-103 : Security update available for Adobe Dimension

https://helpx.adobe.com/security/products/dimension/apsb25-103.html

APSB25-104 : Security update available for Adobe Substance 3D Stager

https://helpx.adobe.com/security/products/substance3d_stager/apsb25-104.html

APSB25-97 : Security update available for Adobe Animate

https://helpx.adobe.com/security/products/animate/apsb25-97.html

APSB25-96 : Security update available for Adobe Bridge

https://helpx.adobe.com/security/products/bridge/apsb25-96.html

APSB25-70 : Security update available for Adobe Connect

https://helpx.adobe.com/security/products/connect/apsb25-70.html

APSB25-102 : Security update available for Adobe Illustrator

https://helpx.adobe.com/security/products/illustrator/apsb25-102.html

APSB25-94 : Security update available for Adobe Commerce

https://helpx.adobe.com/security/products/magento/apsb25-94.html

Tags:
Previous Post

Next Post